<br>
<div class="gmail_quote">2014-08-26 16:54 GMT+02:00 Tobias Brunner <span dir="ltr"><<a href="mailto:tobias@strongswan.org" target="_blank">tobias@strongswan.org</a>></span>:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">I noticed that one still has to install the<br>CA certificate to authenticate the server in the machine keystore, </blockquote>
</div><br><br>Thanks for your work. Thats an important point for my environment. I hoped it is possible to establish a secure connection with a windows 7 user, which has no administrative rights to trust the CA own its own (by saving it in the local machine cert-space).<br>
<br>I also discovered, that Windows is rejecting the Linux target-certificate as long, as it has no dns name in CN and subjectAltName. Tried only IP adress before. <br> <br>Best regards Johannes