swanctl Directory
The swanctl
configuration directory (usually /etc/swanctl
) contains
swanctl.conf
and a predefined set of
sub-directories that provide file-based credentials such as private keys and
certificates that are read by the
swanctl --load-creds
command.
Since version 5.7.2 these directories are accessed relative to the loaded
swanctl.conf
file (in particular when
loading it from a custom location via the --file
option supported by the
swanctl --load-…
commands. The location of the
swanctl
directory may also be specified at runtime via the SWANCTL_DIR
environment variable.
Each sub-directory is used for a specific kind of credential:
Directory | Contents |
---|---|
|
Config snippets included via |
|
Trusted X.509 end entity certificates |
|
Trusted X.509 Certificate Authority certificates |
|
Trusted X.509 Attribute Authority certificates |
|
Trusted X.509 OCSP signer certificates |
|
Certificate Revocation Lists |
|
Attribute Certificates |
|
PKCS#1 encoded RSA private keys |
|
Plain ECDSA private keys |
|
PKCS#8 encoded private keys of any type |
|
PKCS#12 containers |
|
Private keys in any format |
|
Raw public keys |
All files may be either DER or PEM encoded.