swanctl Directory

The swanctl configuration directory, usually /etc/swanctl, contains swanctl.conf and a predefined
set of sub-directories that provide file based credentials, such as private keys and certificates, which are
read by the swanctl --load-creds command.

Each sub-directory is used for a specific kind of credential:

Directory Contents
conf.d Config snippets, included via include conf.d/*.conf in the default swanctl.conf file since 5.6.0
x509 Trusted X.509 end entity certificates
x509ca Trusted X.509 Certificate Authority certificates
x509aa Trusted X.509 Attribute Authority certificates
x509crl Certificate Revocation Lists
x509ac Attribute Certificates
rsa PKCS#1 encoded RSA private keys
ecdsa Plain ECDSA private keys
pkcs8 PKCS#8 encoded private keys of any type
pkcs12 PKCS#12 containers
private Private keys in any format
pubkey Raw public keys

All files may be either DER or PEM encoded.