PKI Bootstrap. Generates a new "PKI Lifecycle" package; an entire PKI chain of trust can then be managed by the "PKI Lifecycle" package.
JohnE 8510375d68 MOD: initial commit 2018-08-02 11:09:21 -07:00

README

      ============================
        Certificate Generation
          Version 3.x
      ============================


-------------
  INTRO
-------------

This package contains a set of programs to generate an entire certificate chain of trust
and to configure a StrongSwan server. .p12 files are generated for client distribution.

Features:
  * Certificate Authority (CA) creation
  * Server and Client certificate generation (based on CA)
  * CA and Client certificate packaged as .p12 file for easy import to Android (other clients too)
  * Ubuntu networking configuration scripts (tunneling enabled)



---------------------
  VERSIONS
---------------------

Version 3.1 - MOB Hub PKI
  * PKI Bootstrap
    - generate an entire chain-of-trust
  * PKI Lifecycle
    - generate certificates during the CA's lifecycle
Version 3.0 - CA Intermediate Support
  * requires openssl (does not require ipsec)
  * CA Intermediate support
    - root CA can be generated with 5-10yr expiration, put into cold-storage
  * small to large organizational support



---------------------
  TODO
---------------------
  * SCEP support



---------------------
  TROUBLESHOOTING
---------------------

1) Look at the error log for detailed information:
  $ tail -n 40 /var/log/syslog

2) Check the date/time of the device. A common problem is the current time falling outside a
certificate's validity period. Make sure the server's date lies within the validity periods of
both the CA certificate and the server certificate.
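A scripted form of this date check, added here as an example (it is not part of the package): it wraps `openssl x509 -noout -dates`, which the package already requires, and reports whether the server clock falls inside both the CA and server certificate validity windows. The certificate file names on the usage line are placeholders.

```python
import re
import subprocess
from datetime import datetime, timezone

# `openssl x509 -noout -dates` prints lines such as "notBefore=Jan  1 00:00:00 2018 GMT"
_DATES_RE = re.compile(r"^(notBefore|notAfter)=(.+)$", re.M)
_FMT = "%b %d %H:%M:%S %Y GMT"

def parse_openssl_time(text):
    """Turn one openssl-style timestamp into an aware UTC datetime."""
    return datetime.strptime(text.strip(), _FMT).replace(tzinfo=timezone.utc)

def parse_openssl_dates(text):
    """Parse `openssl x509 -noout -dates` output into (not_before, not_after)."""
    found = {k: parse_openssl_time(v) for k, v in _DATES_RE.findall(text)}
    return found["notBefore"], found["notAfter"]

def cert_dates(path):
    """Read the validity window of a PEM certificate via openssl (must be on PATH)."""
    out = subprocess.run(["openssl", "x509", "-in", path, "-noout", "-dates"],
                         capture_output=True, text=True, check=True).stdout
    return parse_openssl_dates(out)

def validity_problems(ca, server, now):
    """ca/server are (not_before, not_after) tuples, now an aware datetime.
    Returns a list of problems; an empty list rules out TROUBLESHOOTING step 2."""
    problems = []
    for name, (nb, na) in (("CA", ca), ("server", server)):
        if now < nb:
            problems.append(f"{name} certificate not yet valid (starts {nb:%Y-%m-%d})")
        elif now > na:
            problems.append(f"{name} certificate expired (ended {na:%Y-%m-%d})")
    # A server certificate that outlives its CA stops validating as a chain on the
    # day the CA expires, even though the server certificate itself still looks fine.
    if server[1] > ca[1]:
        problems.append("server certificate expires after its CA")
    return problems

if __name__ == "__main__":
    import sys
    ca_path, server_path = sys.argv[1:3]  # e.g. ca.crt server.crt (placeholder names)
    now = datetime.now(timezone.utc)
    for line in validity_problems(cert_dates(ca_path), cert_dates(server_path), now) or ["dates OK"]:
        print(line)
```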



----------------
  METHODOLOGY
----------------




------------
  HISTORY
------------
version 3.x
  * strongswan: new configuration that uses DN (distinguished name) to authenticate clients
    (previous configs used local IP address for authentication)
  * certificate generation moved to another repository
    - separated into two stages
      stage 1 : pki bootstrap
      stage 2 : pki lifecycle