From owner-freebsd-questions@FreeBSD.ORG  Sat Jan 22 05:02:39 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 09BDC16A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 22 Jan 2005 05:02:39 +0000 (GMT)
Received: from web54407.mail.yahoo.com (web54407.mail.yahoo.com
	[68.142.225.163])
	by mx1.FreeBSD.org (Postfix) with SMTP id 778C243D3F
	for <freebsd-questions@freebsd.org>;
	Sat, 22 Jan 2005 05:02:38 +0000 (GMT)	(envelope-from vctw@yahoo.com)
Received: (qmail 19857 invoked by uid 60001); 22 Jan 2005 05:02:38 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=s1024; d=yahoo.com;
	b=w270GWgpx8eKrgmZkki3tEnbx19p/b3VVqyyFGVWKkvTDcEeJkLgormw+foAtkWQfgWBhLhLFdJtDiVjm6xcGzz3wbZLUfWD3miiVP+6jrAASBAN1LKp1dTF7dW8eb8lvHTLqwMzn0zMt8dwHL/F41IhDecf01Gpi6V7xyyF/Uc=
	;
Message-ID: <20050122050237.19855.qmail@web54407.mail.yahoo.com>
Received: from [218.161.110.189] by web54407.mail.yahoo.com via HTTP;
	Sat, 22 Jan 2005 13:02:37 CST
Date: Sat, 22 Jan 2005 13:02:37 +0800 (CST)
From: Vincent Chen <vctw@yahoo.com>
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=big5
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Sat, 22 Jan 2005 13:11:55 +0000
Subject: certificates for ipsec?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jan 2005 05:02:39 -0000

Hi, all

I have 2 certificates which created 2 years ago for ipsec connection. It works
ok until now. The self signed CA is about to expire. Here comes questions:

1. If certificate expire, will racoon working ok as usual?
2. I tried to generate new certificates for those hosts, but new certificates
won't work with ipsec. I forget the detail to create existing certificates, is
there any special attribute or openssl configuration needed for ipsec?


Thanks,

Vincent Chen


-----------------------------------------------------------------
Yahoo!奇摩造型精靈
最新的造型精靈簽名檔，讓信件獨具個人色彩！
http://tw.avatar.yahoo.com/