On Tue, Oct 03, 2006 at 12:51:47PM +0200, carlopmart wrote:
> Hi all,
>
> i need to deploy a PKI Linux based infraestructure, including
> authentication (single sign on) for several Linux and OpenBSD servers.
> We have two openbsd firewall clusters (3.9) with vpn using isakmpd. Is
> it possible to use x509 certs generated on a Fedora Directory Server (I
> have used to deploy PKI) to authenticate VPN users?? Somebody knows if
> these could be works?? If I need to upgrade to 4.0 is not a problem.
>
> Many thanks and sorry for my bad english.
If those are just standard OpenSSL-style x509 certificates, you can
generate them whereever you want, and they will work just fine.
4.0 has a lot of improvements, and ISTR that some of those are
necessary to use ipsec.conf with clients that change IP adresses.
Joachim
