First page Back Continue Last page Overview Graphics
/usr/bin/openssl ca -in filename.Req.pem -days 730 -out filename.Cert.pem -passin pass:foobar -notext -cert caCert.pem -keyfile caKey.pem.locked
cp gatewayCert.pem /etc/ipsec.d/certs/ # AP host pubkey
cp gatewayKey.pem* /etc/ipsec.d/private/ # AP host privkey
cp caCert.pem /etc/ipsec.d/cacerts/ # AP host cert CA
# following needs entry in /etc/ipsec.secrets
cp gatewayKey.pem.locked /etc/ipsec.d/private/
# Certificate Revocation List (optional)
openssl ca -gencrl -out /etc/ipsec.d/crls/crl.pem
Service httpd restart ; service ipsec restart
Notes: