[strongSwan] Certificates in cacerts directory

ABULIUS, MUGUR (MUGUR) mugur.abulius at alcatel-lucent.com
Wed Feb 24 11:05:28 CET 2010

Hello Andreas,

> You can check this behaviour in our sample scenario
> http://www.strongswan.org/uml/testresults43/ikev2/multi-level-ca-cr-init/

In the example the < ca section > for moon specifies the CA's certificate with "cacert=" (almost all other examples do not use "cacert=").

Why "cacert=" is necessary? Which will be the behaviour if "cacert=" is not specified (for strongSwan and IKEv2 exchanges point of view)?

In the example the moon's certificate happens to be signed by a self-signed root certificate. In general, does "cacert=" specify the CA's certificate or the root's certificate (in case is not the same)?

Thank you

More information about the Users mailing list