[strongSwan] Certificates in cacerts directory
ABULIUS, MUGUR (MUGUR)
mugur.abulius at alcatel-lucent.com
Wed Feb 24 11:05:28 CET 2010
Hello Andreas,
> You can check this behaviour in our sample scenario
> http://www.strongswan.org/uml/testresults43/ikev2/multi-level-ca-cr-init/
In the example the < ca section > for moon specifies the CA's certificate with "cacert=" (almost all other examples do not use "cacert=").
Why "cacert=" is necessary? Which will be the behaviour if "cacert=" is not specified (for strongSwan and IKEv2 exchanges point of view)?
In the example the moon's certificate happens to be signed by a self-signed root certificate. In general, does "cacert=" specify the CA's certificate or the root's certificate (in case is not the same)?
Thank you
Mugur
More information about the Users
mailing list