Datasheet

“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 637 — #663

Security in the Network

3. Import ﬁles on the client computer

Creating a Client Certiﬁcate

The client certiﬁcate is created with the YaST CA Management module

(see Section 26.1.2 on page 627). The ﬁnished certiﬁcate is then saved to-

gether with the key and all participating CAs in a PKCS12 ﬁle (see Sec-

tion 26.1.2 on page 631).

Exporting a FreeS/WAN Conﬁguration File

On the server, start the ‘VPN’ YaST module in the YaST control center un-

der ‘Security and Users’. In the overview (Figure 26.5 on page 635), click

‘Connections’ then select the required server connection in the connec-

tion overview. After you select ‘Experts...’ ➝ ‘Export’ ➝ ‘FreeS/WAN’,

select the storage location for the freeswan_ipsec.conf ﬁle, which

must be transferred to the Linux client. This ﬁle is a suggestion for a

FreeS/WAN client and its details may need to be adapted. The ﬁle is tai-

lored to FreeS/WAN Version 2. Older versions require additional parame-

ters.

Importing Files on the Client

Next, the certiﬁcates and the conﬁguration ﬁle must be transferred to the

client by means of a secure medium. The IPsec conﬁguration ﬁle must be

saved on the client as /etc/ipsec.conf.

To import the certiﬁcate, start the ‘VPN’ YaST module in the YaST con-

trol center under ‘Security and Users’ on the client. In the overview (Fig-

ure 26.5 on page 635), click ‘Certiﬁcates’ ➝ ‘Import’ then select your saved

client certiﬁcate. For import purposes, enter the password for the certiﬁ-

cate. The certiﬁcate is then displayed in the certiﬁcate list and clicking

‘Next’ returns to the overview.

Note

The connection may need to be adapted to local circumstances

(e.g., change certiﬁcate and ID).

Note

637SUSE LINUX Enterprise Server