产生证书的详细的操作步骤。
openssl genrsa -des3 -out server.key 1024
openssl -in server.key -out server.keyopenssl rsa -in server.key -out server.key
openssl req -new -key server.key -out server.csr -config openssl.cnf
openssl req -new -key server.key -out server.csr -config /etc/pki/tls/openssl.cnf
openssl genrsa -des3 -out client.key 1024
openssl rsa -in client.key -o client.key
openssl rsa -in client.key -out client.key
openssl req -new -key client.key -out client.csr -config /etc/pki/tls/openssl.cnf
openssl req -new -x509 -keyout ca.key -out ca.crt -config /etc/pki/tls/openssl.cnf
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
touch /etc/pki/CA/index.txt
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
echo 00 > /etc/pki/CA/serial
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
/etc/ipsec.conf配置
leftcert=client.crt
rightcert=server.crt
/etc/ipsec.secrets
:RSA /etc/ipsec.d/private/server.key