[vpn-help] Cert q's

Peter Eisch peter at boku.net
Thu Aug 31 18:25:21 CDT 2006


Hey Matthew,

Re: testing -- this is sorta fun and a good way to learn more about a
technology that won't be going away anytime soon.  And back at you too --
thank you for seemingly having too much time on your hands.  <grin>

On to certificates.  I mentioned last week that I'd like to use p12 cert
bundles which include the ca.crt, the client's cert and key.  Is there a way
to just load a p12 and have the client unbundle the three components when
{,xauth-}rsasig is selected?  Specifically, in the tab for certs there would
just be one input box to select the path of the p12 and perhaps a radio
button to select p12 or discrete files.  Whenever the p12 path changes,
there would need to be a password panel that pops up to prompt for the
password.  I'd guess that the client could save "import" the cert parts into
the certs directory out of the p12 and not store the p12 per se.

Another way to look at using certs is to use the keystore that comes with
XP.  It could do all the p12 management and the client could just reference
the certs as they're stored there.

The Cisco concentrators basically chew up the p12's quite nicely and stuff
them in the config -- I guess I'm thinking that maybe the certs loaded from
the p12 could even be stored in the vpn profile config.  That could be quite
handy but if the admin of such certs had a requirement that they can never
be exported there would be a snafu.

Perhaps you've thought on this?

Thanks yet again,

peter
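
The unbundling step asked about in the message above, sketched with the OpenSSL command line as an added example (not part of the original post and not the VPN client's own code). The output names ca.crt, client.crt and client.key, the function names, and the constructed test CA and password are assumptions.

```shell
#!/bin/sh
# Added example: split a PKCS#12 bundle into CA cert, client cert and key.
# Output names (ca.crt, client.crt, client.key) are assumptions.
set -eu

# unbundle_p12 <bundle.p12> <password> <outdir>; runs in a subshell so the
# umask and the exported password do not leak into the caller.
unbundle_p12() (
    p12=$1; out=$3
    export P12_PASS="$2"          # env: keeps the password out of argv / ps
    umask 077                     # extracted key is readable by owner only
    mkdir -p "$out" || exit 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys -out "$out/ca.crt" || exit 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys -out "$out/client.crt" || exit 1
    # -nodes writes the key unencrypted; protect the directory accordingly.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes -out "$out/client.key" || exit 1
    # Reject the import unless the client cert chains to the bundled CA ...
    openssl verify -CAfile "$out/ca.crt" "$out/client.crt" >/dev/null || exit 1
    # ... and the extracted key is the one the client cert was issued for.
    [ "$(openssl x509 -in "$out/client.crt" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$out/client.key" -pubout | openssl sha256)" ]
)

# make_sample_p12 <dir> <password>: builds a constructed CA, client cert and
# bundle (test data only) and leaves the bundle at <dir>/client.p12.
make_sample_p12() (
    d=$1; export P12_PASS="$2"
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/src-ca.crt" 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=constructed-client" -keyout "$d/src.key" -out "$d/src.csr" 2>/dev/null
    openssl x509 -req -in "$d/src.csr" -CA "$d/src-ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/src.key" -in "$d/src.crt" \
        -certfile "$d/src-ca.crt" -passout env:P12_PASS -out "$d/client.p12"
)

# Demo run on the constructed bundle.
tmp=$(mktemp -d)
make_sample_p12 "$tmp" 'constructed-pass'
unbundle_p12 "$tmp/client.p12" 'constructed-pass' "$tmp/certs"
ls -l "$tmp/certs"
rm -rf "$tmp"
```

Once the three files are written the .p12 itself no longer needs to be kept, but the key has then been exported in the clear, which is exactly the conflict with a "never exportable" policy that the message raises.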



