Diffstat (limited to 'ansible/experiments/strongswan/strongswan.md')
-rw-r--r--ansible/experiments/strongswan/strongswan.md18
1 files changed, 18 insertions, 0 deletions
diff --git a/ansible/experiments/strongswan/strongswan.md b/ansible/experiments/strongswan/strongswan.md
new file mode 100644
index 0000000..4258037
--- /dev/null
+++ b/ansible/experiments/strongswan/strongswan.md
@@ -0,0 +1,18 @@
+# CA certificate
+
+ mkdir -p files/swanctl/CA
+ pki --gen > files/swanctl/CA/ca-key.der
+ pki --self \
+ --in files/swanctl/CA/ca-key.der \
+ --dn "C=NO, O=Trygvis IO AS, CN=Trygvis IO CA" \
+ --ca > files/swanctl/CA/ca-cert.der
+
+# Peer certificate
+
+ mkdir -p files/swanctl/$host/{rsa,x509}
+ pki --gen > files/swanctl/$host/rsa/$host-key.der
+ pki --pub --in files/swanctl/$host/rsa/$host-key.der | \
+ pki --issue \
+ --cakey files/swanctl/CA/ca-key.der \
+ --cacert files/swanctl/CA/ca-cert.der \
+ --dn "C=NO, O=Trygvis IO AS, CN=$host.trygvis.io" > files/swanctl/$host/x509/$host-cert.der
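Review bot: The CA and peer private keys produced by the two `pki --gen > …-key.der` lines are written unencrypted through a shell redirect, so they get whatever permissions the caller's umask allows, and they land under `files/`, which appears to sit inside the Ansible repository tree. I would put `umask 077` ahead of the first `mkdir -p` in each section and add a sentence stating that `ca-key.der` and `$host-key.der` must stay out of version control (an ignore rule or an encrypted vault), with the CA key ideally kept off the managed hosts altogether. The `pki --issue` call also sets only a DN and no validity period; if peers are to be identified by FQDN, adding `--san "$host.trygvis.io"` is probably needed for identity matching, and an explicit `--lifetime` would make expiry a deliberate choice. Both are worth confirming against the swanctl configuration, which is not visible here.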