SSL Certs: Create own CA + cert for S2S VPN auth - RSA and ECDSA

in Linux

Table of Contents

Description

I recently had to configure Strongswan with Certificate Authentication to a Checkpoint GW and got lost a bit in all the articles I could find about the openssl utility and how to generate a CA, CSRs, sign a certificate and so on.
I will summarize here the steps required for generating the CA/cert so that everything is in a single place.

I give an example with RSA and one with ECDSA.

The changes are minimal.

On the Checkpoint side I only had to import the CA from Strongswan side and configure it under the Public Key auth pertaining to the Network Interoperable Device (representation of 3rd party device Checkpoint wise).

Continue reading

Author's picture

Mihai Tanasescu

All Rounder and Jack of all trades (master of none? :) ).
Sailing the Cloud world with my fantastic team@Aviatrix, former Network, Systems Engineer (Cisco, Juniper, Linux, Openshift, Openstack).
A flavor of Security added to the mix (Offensive Security OSCE).
If there’s anything new and cool, then I like to learn about it. I’m also a fan of deep diving under the hood of a product to see what makes it tick as well as what breaks it.

Solutions Architect @ Aviatrix

Switzerland