============================
Certificate Generation
Version 3.x
============================

-------------
INTRO
-------------
This package contains a set of programs that generate an entire certificate chain of trust and configure a StrongSwan server. .p12 files are generated for client distribution.

Features:
* Certificate Authority (CA) creation
* Server and Client certificate generation (based on CA)
* CA and Client certificate packaged as .p12 file for easy import to Android (other clients too)
* Ubuntu networking configuration scripts (tunneling enabled)

---------------------
VERSIONS
---------------------
Version 3.1 - MOB Hub PKI
* PKI Bootstrap - generate an entire chain-of-trust
* PKI Lifecycle - generate certificates during the CA's lifecycle

Version 3.0 - CA Intermediate Support
* requires openssl (does not require ipsec)
* CA Intermediate support
  - root CA can be generated with 5-10yr expiration, put into cold-storage
* small to large organizational support

---------------------
TODO
---------------------
* SCEP support

---------------------
TROUBLESHOOTING
---------------------
1) Look at the error log for detailed information:

   $ tail -n 40 /var/log/syslog

2) Check the date/time of the device. A common problem is a clock that falls outside a certificate's validity range. Make sure the server date is within the validity period of both the CA and Server certificates.

----------------
METHODOLOGY
----------------

------------
HISTORY
------------
version 3.x
* strongswan: new configuration that uses DN (distinguished name) to authenticate clients (previous configs used local IP address for authentication)
* certificate generation moved to another repository
  - separated into two stages
    stage 1 : pki bootstrap
    stage 2 : pki lifecycle
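
One way to run the date check from TROUBLESHOOTING step 2, as an added example that is not part of this package: it compares the system clock with a certificate's notBefore/notAfter dates. It assumes GNU date (as on Ubuntu) and the openssl CLI; the function names and the file names in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from this package): report whether the clock falls
# inside a certificate's validity window. Assumes GNU date and openssl.

# window_status NOT_BEFORE NOT_AFTER [NOW_EPOCH]
# Dates use the format openssl prints, e.g. "Jan  1 00:00:00 2024 GMT".
# Prints one of: valid, not-yet-valid, expired. Returns 2 on a parse error.
window_status() {
    local start end now
    start=$(date -u -d "$1" +%s) || return 2
    end=$(date -u -d "$2" +%s) || return 2
    # Default to the current system time when no epoch is supplied.
    now=${3:-$(date -u +%s)}
    if [ "$now" -lt "$start" ]; then
        # Typical for a device whose clock was reset to an old date.
        echo "not-yet-valid"
    elif [ "$now" -gt "$end" ]; then
        echo "expired"
    else
        echo "valid"
    fi
}

# cert_window_status CERT_PEM [NOW_EPOCH]
# Reads notBefore/notAfter from a PEM certificate and classifies the clock.
cert_window_status() {
    local dates not_before not_after
    dates=$(openssl x509 -in "$1" -noout -startdate -enddate) || return 2
    not_before=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    not_after=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    window_status "$not_before" "$not_after" "$2"
}

# Usage (placeholder file names): ./check_dates.sh ca.pem server.pem
# Check the CA and the Server certificate; both must report "valid".
for cert in "$@"; do
    printf '%s: %s\n' "$cert" "$(cert_window_status "$cert")"
done
```

Run it on the server against the CA and Server certificates; a result other than "valid" for either one points to the clock or the certificate dates rather than the StrongSwan configuration.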