Version 5 - History - ipsec.conf: ca Reference - strongSwan

ipsec.conf: ca Reference » History » Version 5

Tobias Brunner, 18.04.2008 13:54
certuribase added

-Martin Willi
+= ca <name> =
 Martin Willi
-Martin Willi
+ * ''also = ''<section name>
-Martin Willi
+     includes ca section <name>.
 Martin Willi
-Martin Willi
+ * ''auto = '''ignore'''|add''
 Martin Willi
-Martin Willi
+ * ''cacert = ''<path>
-Martin Willi
+     defines a path to the CA certificate either relative to ''/etc/ipsec.d/cacerts'' or as an absolute path.
 Martin Willi
-Martin Willi
+ * ''crluri = ''<uri>
-Martin Willi
+     defines a CRL distribution point (ldap, http, or file URI).
 Martin Willi
-Martin Willi
+ * ''crluri1 = ''<uri>
-Martin Willi
+     synonym for ''crluri''.
 Martin Willi
-Martin Willi
+ * ''crluri2 = ''<uri>
-Martin Willi
+     defines an alternative CRL distribution point (ldap, http, or file URI).
 Martin Willi
-Martin Willi
+ * ''ldaphost = ''<hostname>
-Martin Willi
+     defines an ldap host. Currently used by IKEv1 only.
 Martin Willi
-Martin Willi
+ * ''ocspuri = ''<uri>
-Martin Willi
+     defines an OCSP URI.
 Martin Willi
-Martin Willi
+ * ''ocspuri1 = ''<uri>
-Martin Willi
+     synonym for ''ocspuri''.
 Martin Willi
-Martin Willi
+ * ''ocspuri2 = ''<uri>
-Martin Willi
+     defines an alternative OCSP URI. Currently used by IKEv2 only.
 Tobias Brunner
-Tobias Brunner
+ * ''certuribase = ''<uri>
-Tobias Brunner
+     defines the base URI for the Hash and URL feature supported by IKEv2.
-Tobias Brunner
+     Instead of exchanging complete certificates, IKEv2 allows to send an URI
-Tobias Brunner
+     that resolves to the DER encoded certificate. The certificate URIs are built
-Tobias Brunner
+     by appending the SHA1 hash of the DER encoded certificates to this base URI.

Project

General

Profile

strongSwan

ipsec.conf: ca Reference » History » Version 5