Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec (Road Warrior Howto): Difference between revisions

FireBrick IPsec (Road Warrior Howto) (view source)

Revision as of 08:30, 30 July 2015

No change in size ,  30 July 2015
m
→‎FireBrick (server) certificate
== FireBrick (server) certificate ==
 
NestNext we make a certificate file for the FireBrick itself. This is how the FireBrick proves itself to the client device. Again, there is a ''key'' and a ''cert'' file for this, with both being loaded in to the FireBrick. The ''key'' is what allows the FireBrick to prove itself. The ''cert'' is signed by the CA key, which is how the phone knows to trust the FireBrick. Note the extra <tt>FQDN=</tt> which sets the SubjectAltName. The <tt>FQDN</tt> entry is just a name used to get the right certificate, and should match the <tt>local-id</tt> (prefixed <tt>FQDN:</tt>) in the config so that the FireBrick can work our which certificate to use when negotiating, and the client can check the certificate matches the server.
 
First make a private key, e.g. <tt>server-key.pem</tt>
AA-Andrew
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,270

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/10146