OpenBSD CVS

CVS log for src/usr.sbin/ikectl/ikeca.cnf

Revision 1.10, Fri Nov 17 14:43:36 2023 UTC, by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.9: +2 -2 lines

Set "unique_subject = no" to allow renewing expired certificates.
Without this, openssl throws an error when creating a second req for
the same subject which leads to ikectl deleting the old cert without
creating a new one.

Reported by Ryan Kavanagh in openiked-portable here:
https://github.com/openiked/openiked-portable/issues/125

discussed with tb@
ok patrick@

Revision 1.9, Tue Jan 31 21:35:07 2017 UTC, by sthen
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.8: +2 -1 lines

Teach ikectl to include extensions in the CSR, rather than just adding them
when signing the certificates by the local CA. This can make things easier if
you want to take a CSR from ikectl to another CA for signing; they often copy
extensions from the request.  ok reyk@

Revision 1.8, Mon Nov 2 12:21:27 2015 UTC, by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.7: +3 -3 lines

switch from using sha1 to sha256

As the ca section of the cnf file requires a default_md line
(unlike req) this change also requires updating the installed ikeca.cnf
or equivalent files.

Requested by and ok reyk@ who also tested this against ios9 with iked.

Revision 1.7, Mon Nov 2 12:01:28 2015 UTC, by jsg
Branch: MAIN
Changes since 1.6: +19 -6 lines

sign csrs with openssl ca instead of x509 -req

This way openssl will add valid signed certs to the index file
which is required to use the builtin openssl OCSP server.

This change requires installing a new ikeca.cnf or updating
the default cnf files with equivalent sections.

Requested by and ok reyk@

Revision 1.6, Sat Nov 22 18:15:41 2014 UTC, by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.5: +2 -2 lines

/dev/random has created the same effect as /dev/arandom (and /dev/urandom)
for quite some time.  Mop up the last few, by using /dev/random where we
actually want it, or not even mentioning arandom where it is irrelevant.

Revision 1.5, Thu Oct 25 12:35:55 2012 UTC, by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.4: +4 -5 lines

Remove support email address from the example that is intended for
customers for an existing company.

Revision 1.4, Fri Oct 8 16:15:22 2010 UTC, by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.3: +6 -1 lines

set the client/server certificate options with all the common keyusage
and extendedkeyusage and nscerttype flags.  the ikectl CA can now be used
with all kinds of other vpn tools in addition to iked and isakmpd.

ok phessler@

Revision 1.3, Thu Oct 7 09:36:33 2010 UTC, by phessler
Branch: MAIN
Changes since 1.2: +4 -2 lines

When we create a new CA, also create an empty (but valid) CRL list.
While here, set our used defaults in the config file.

OK reyk@, jsg@

Revision 1.2, Thu Jun 10 16:14:04 2010 UTC, by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.1: +9 -1 lines

Add a command to revoke a certificate and generate a CRL;
make the ca install command install the CRL as well.

discussed with reyk@

Revision 1.1, Thu Jun 3 16:49:00 2010 UTC, by reyk
Branch: MAIN

Import iked, a new implementation of the IKEv2 protocol.

iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that
creates IPsec flows and SAs automatically.  Unlike isakmpd, iked(8)
implements the newer IKEv2 protocol instead of IKEv1/ISAKMP.  The
daemon is still work-in-progress and not enabled in the builds, but is
already able to establish IKEv2 sessions with some other IKEv2
implementations as a responder.

with lots of help and debugging by jsg@
ok deraadt@