
[FW1] secure remote, openssl and hybrid IKE



Greetings,

I have read with interest previous folks' descriptions of getting Hybrid
Mode IKE for Secure Remote VPN connections up and running with "roll your
own" certificates.

Phoneboy mentioned using OpenSSL to create the user certificates and I must
confess that I am drawing a blank as to exactly how that is done.

I have implemented my CA on my firewall in order to get it ready for Hybrid
IKE by following the previous.

On the management console:
1) fwstop
2) fw internalca create -dn "o=mycompany, c=mycountrycode"
3) fw internalca certify -o myfwhostname "o=mycompany, c=mycountrycode"
4) fwstart

I can now properly see the new CA in my GUI policy editor and everything
looks ready to go.

My VPN with Secure Remote clients is currently set up and working with both
IKE and FWZ as options at the moment and is working properly with password
authentication only (but not for long). I am using Checkpoint/VPN1 4.1 SP4.

However, I don't know the next step. I don't want to pay for some package to
produce user certificates (Entrust etc.), and would really like to manage my
own free ones (the VPN users are going to be a small private group and will
be easy to manage).

What type of certificates (X.509 etc. etc.) am I going to create with
OpenSSL (BTW - I have the latest version of OpenSSL)? Could someone perhaps
suggest a command line sequence I might use?

I assume I run OpenSSL against the cert/CA I created on Firewall 1
somehow, but am a little unclear as to how this is done. I have reviewed the
OpenSSL docs and the archives of this and other lists without luck.

Thanks in advance!

[ Iain Gunther  ][  Director of R&D ][  Ezenet Inc. ]
[ http://www.ezenet.com ][ mailto:[email protected] ]


   All contents © 2004 Network Presence, LLC. All rights reserved.