[strongSwan] Certificates in cacerts directory

Andreas Steffen andreas.steffen at strongswan.org
Tue Feb 23 19:40:42 CET 2010

Hello Mugur,

> Hello Andreas
> Thank you for the clear explanation and example.
> General strongSwan question:
> Which among all certificates from "/etc/ipsec.d/cacerts/" strongSwan
> will choose to build the list of its trust anchors to be sent in its
> CERTREQ payload?
If rightca is specified then we only request certificates issued by
rightca. Otherwise we send certificate requests for all CAs contained
in /etc/ipsec.d/cacerts/, irrespective whether they are root or
intermediate CAs.

> Best Regards Mugur

Best regards


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list