[strongSwan-dev] load-authority request over VICI interface
Tobias Brunner
tobias at strongswan.org
Mon Oct 2 09:55:21 CEST 2017
Hi Erick,
> However, I believe now I am supposed to issue the "load-authority" command to load that CA certificate.
You don't. These options are only needed if you want to associate a CA
with e.g. a CDP that is not contained in the certificates, see [1].
> since I want to load the PEM data over VICI itself..
You pass such a blob in the `cacert` key. The `file` key is to load
from an absolute path accessible by the daemon and `handle` (plus `slot`
and `module`) may be used to load the certificate from a smartcard or TPM.
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf#authorities-section
More information about the Dev
mailing list