o Adding strongswan experiment.

1 files changed, 18 insertions, 0 deletions

diff --git a/ansible/strongswan-experiment/strongswan.md b/ansible/strongswan-experiment/strongswan.md
new file mode 100644
index 0000000..4258037
--- /dev/null
+++ b/ansible/strongswan-experiment/strongswan.md
@@ -0,0 +1,18 @@
+# CA certificate
+
+    mkdir -p files/swanctl/CA
+    pki --gen > files/swanctl/CA/ca-key.der
+    pki --self \
+        --in files/swanctl/CA/ca-key.der \
+        --dn "C=NO, O=Trygvis IO AS, CN=Trygvis IO CA" \
+        --ca > files/swanctl/CA/ca-cert.der
+
+# Peer certificate
+
+    mkdir -p files/swanctl/$host/{rsa,x509}
+    pki --gen > files/swanctl/$host/rsa/$host-key.der
+    pki --pub --in files/swanctl/$host/rsa/$host-key.der | \
+      pki --issue \
+        --cakey files/swanctl/CA/ca-key.der \
+        --cacert files/swanctl/CA/ca-cert.der \
+        --dn "C=NO, O=Trygvis IO AS, CN=$host.trygvis.io" > files/swanctl/$host/x509/$host-cert.der