Version 6 - History - ipsec.conf: ca Reference - strongSwan

ipsec.conf: ca Reference » History » Version 6

Tobias Brunner, 18.04.2008 13:54
certuribase added

 Martin Willi
-Tobias Brunner
+h1. ca <name>
 Tobias Brunner
 Tobias Brunner
-Tobias Brunner
+* _also = _<section name>
-Martin Willi
+     includes ca section <name>.
 Martin Willi
-Tobias Brunner
+* _auto = *ignore*|add_
 Martin Willi
-Tobias Brunner
+* _cacert = _<path>
-Tobias Brunner
+     defines a path to the CA certificate either relative to _/etc/ipsec.d/cacerts_ or as an absolute path.
 Martin Willi
-Tobias Brunner
+* _crluri = _<uri>
-Martin Willi
+     defines a CRL distribution point (ldap, http, or file URI).
 Martin Willi
-Tobias Brunner
+* _crluri1 = _<uri>
-Tobias Brunner
+     synonym for _crluri_.
 Martin Willi
-Tobias Brunner
+* _crluri2 = _<uri>
-Martin Willi
+     defines an alternative CRL distribution point (ldap, http, or file URI).
 Martin Willi
-Tobias Brunner
+* _ldaphost = _<hostname>
-Martin Willi
+     defines an ldap host. Currently used by IKEv1 only.
 Martin Willi
-Tobias Brunner
+* _ocspuri = _<uri>
-Martin Willi
+     defines an OCSP URI.
 Martin Willi
-Tobias Brunner
+* _ocspuri1 = _<uri>
-Tobias Brunner
+     synonym for _ocspuri_.
 Martin Willi
-Tobias Brunner
+* _ocspuri2 = _<uri>
-Tobias Brunner
+     defines an alternative OCSP URI. Currently used by IKEv2 only.
 Tobias Brunner
-Tobias Brunner
+* _certuribase = _<uri>
-Tobias Brunner
+     defines the base URI for the Hash and URL feature supported by IKEv2.
-Tobias Brunner
+     Instead of exchanging complete certificates, IKEv2 allows to send an URI
-Tobias Brunner
+     that resolves to the DER encoded certificate. The certificate URIs are built
-Martin Willi
+     by appending the SHA1 hash of the DER encoded certificates to this base URI.

Project

General

Profile

strongSwan

ipsec.conf: ca Reference » History » Version 6