[strongSwan] Cert question
gary.smith at holdstead.com
Thu Feb 24 21:32:03 CET 2011
> it is not goo practice to load the peer certificate
> (i.e. rightcert locally). Better copy the CA certificate
> which signed the peer certificate and issued all other
> certificates into the /etc/ipsec.d/cacerts/ directory
> so that trust can be established.
Now that I'm back to a terminal, this worked like a charm. Added CA cert, removed local cert for remote system, removed line from ipsec.conf for rightcert, and restarted everything and I can talk both ways (as least on the test network).
More information about the Users