Add leftcert ipsec.conf.5 documentation about smartcard certificates

author: Martin Willi <martin@revosec.ch> 2012-10-15 18:14:03 +0200
committer: Martin Willi <martin@revosec.ch> 2012-10-24 13:07:53 +0200
commit: 05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4 (patch)
tree: 3b2ef99aefb954079e92ef9c15b3c6872af8e79e /man
parent: 9687cb5100ca43ba84665037cf137368ea34fe2b (diff)
download: strongswan-05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4.tar.bz2
strongswan-05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index ec8335c05..801004994 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -589,6 +589,18 @@ to the distinguished name of the certificate's subject.
 The left participant's ID can be overridden by specifying a
 .B leftid
 value which must be certified by the certificate, though.
+.br
+A value in the form
+.B %smartcard:<keyid>
+defines a specific certificate to load from a PKCS#11 backend for this
+connection.
+.B <keyid>
+has to be a hex encoded key identifier under which the certificate is stored
+on any of the configured smartcards.
+.B leftcert
+is required only if selecting the certificate with
+.B leftid
+is not sufficient, for example if multiple certificates use the same subject.
 .TP
 .BR leftcert2 " = <path>"
 Same as
author	Martin Willi <martin@revosec.ch>	2012-10-15 18:14:03 +0200
committer	Martin Willi <martin@revosec.ch>	2012-10-24 13:07:53 +0200
commit	05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4 (patch)
tree	3b2ef99aefb954079e92ef9c15b3c6872af8e79e /man
parent	9687cb5100ca43ba84665037cf137368ea34fe2b (diff)
download	strongswan-05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4.tar.bz2 strongswan-05e266ea9d7fb51c5d7c3dc2a3272f6b351338e4.tar.xz