XCA: sign IPsec certificates with own CA
- by sbrattla
I'm trying to establish a LAN to LAN connection through a VPN tunnel. There's a Zywall at the remote office which will be responsible for establishing a connection to a Draytek at the main office. I'm able to establish the connection if I use shared keys, but I'd like to use certificates instead.
I've downloaded the XCA application for Ubuntu which allows me to first create a CA certificate, and then sign "certificate signing reqests" using this CA. However, I'm uncertain if I am doing things right.
More specifically<, which basic keys/extended keys should the CA certificate and the certificates themselves have? Right now I just skip selecting any keys at all, but is that right?
All hints and help appreciated!