[strongSwan] does Chinese ascii characters accepted in 'Subject' of certificates by strongswan
Tobias Brunner
tobias at strongswan.org
Wed Feb 13 09:45:26 CET 2019
Hi Yogesh,
> Is Chinese Ascii characters allowed in subject of certificates used in
> authentication while negotiating the ipsec tunnel in ikev2 ?
I'd disagree that these are ASCII characters, but sure you can use
UTF8String as type for the RDNs in the subject DN.
> So can I configure this certificate in peer side and add the string in
> 'rightid' in ipsec.conf on my local machine.
That might or might not work, may depend on the encoding of ipsec.conf.
But you can configure the binary subject DN in `rightid` (i.e.
rightid="asn1dn:#30..."). Use the `pki --dn` command to extract it from
the certificate in that format.
Regards,
Tobias
More information about the Users
mailing list