Westermo RedFox Series User Manual


Westermo OS Management Guide

Version 4.17.0-0

[Figure: Alice, CA A, CA B, Bob, Trusted Certs]

Figure 35.9: Alice and Bob have imported each other's certificates as trusted
peers. In this case Alice and Bob do not need to install/import CA certificates.

key, her CA and own certificates as a password-protected PKCS#12 bundle, while
Bob’s certificate could be uploaded/imported as a PEM file. See section 7.1.8 for
more information on certificate management).

Note

Although this trust model does not require Alice or Bob to install any CA
certificates, WeOS still requires their certificates to be issued by some CA,
i.e., the Issuer and Subject of the certificate cannot be the same.
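
A pre-import check for the requirement in the note above, as an added example that is not part of the Westermo manual: it reads the Issuer and Subject fields of a PEM or DER certificate and reports whether they are identical. The byte-for-byte comparison of the DER-encoded names, all function names, and the constructed unsigned sample certificates are assumptions of this example.

```python
import base64

def read_tlv(buf, off):
    """Return (tag, content_start, end) of the DER element starting at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def issuer_and_subject(cert):
    """Raw DER Name encodings (issuer, subject) of a PEM or DER certificate."""
    if cert.lstrip().startswith(b"-----BEGIN"):
        body = [l for l in cert.splitlines() if not l.strip().startswith(b"-----")]
        cert = base64.b64decode(b"".join(body))
    _, start, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, off, tbs_end = read_tlv(cert, start)    # tbsCertificate SEQUENCE
    fields = []
    while off < tbs_end and len(fields) < 5:
        tag, _, end = read_tlv(cert, off)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(cert[off:end])
        off = end
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    return fields[2], fields[4]  # serialNumber, signature, issuer, validity, subject

def is_self_issued(cert):
    """True when Issuer equals Subject, which the note above says is not allowed."""
    issuer, subject = issuer_and_subject(cert)
    return issuer == subject

# --- constructed sample input: unsigned certificate skeletons, not real certificates ---
def tlv(tag, content):
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content
def name(cn):  # Name holding a single commonName (OID 2.5.4.3) attribute
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))
def sample_cert(issuer_cn, subject_cn):
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"350101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer_cn) + validity + name(subject_cn))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(9)))  # placeholder signature bits
```

Running `is_self_issued` on the bytes of a certificate file before upload flags a self-signed peer certificate; it does not verify the signature or the validity period.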

The configuration example below is loosely based on the sample setup in fig. 35.6.
However, as this tunnel configuration is only intended for Alice and Bob, we have
restricted the remote-id and remote-subnet settings on Alice's side. Furthermore,
we have let Alice and Bob have certificates from different CAs, to make the example
more general.

Local-id: Local-id could use "auto" mode ("no local-id"). That is simpler than
defining the DN string explicitly as done below.

Remote-id: As of WeOS v4.17.0, Remote-id cannot use "auto" mode ("no remote-id").
That may change in future versions of WeOS.

Remote CA: The remote-ca setting does not apply when a remote certificate is
specified, and is thus not shown in the example.

© 2015 Westermo Teleindustri AB
