[strongSwan] Certificates in cacerts directory

Andreas Steffen andreas.steffen at strongswan.org
Tue Feb 23 19:40:42 CET 2010


Hello Mugur,

ABULIUS, MUGUR (MUGUR) wrote:
> Hello Andreas
> 
> Thank you for the clear explanation and example.
> 
> General strongSwan question:
> 
> Which among all certificates from "/etc/ipsec.d/cacerts/" strongSwan
> will choose to build the list of its trust anchors to be sent in its
> CERTREQ payload?
>
If rightca is specified then we only request certificates issued by
rightca. Otherwise we send certificate requests for all CAs contained
in /etc/ipsec.d/cacerts/, irrespective whether they are root or
intermediate CAs.

> Best Regards Mugur

Best regards

Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list