[strongSwan] Cert question

Gary Smith gary.smith at holdstead.com
Thu Feb 24 21:32:03 CET 2011

> it is not good practice to load the peer certificate
> (i.e. rightcert locally). Better copy the CA certificate
> which signed the peer certificate and issued all other
> certificates into the /etc/ipsec.d/cacerts/ directory
> so that trust can be established.
> Regards
> Andreas

Now that I'm back to a terminal, this worked like a charm. Added CA cert, removed local cert for remote system, removed line from ipsec.conf for rightcert, and restarted everything and I can talk both ways (at least on the test network).
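The check below is an added example, not part of the original post or of strongSwan: it lists the conn sections of an ipsec.conf-style file that still pin a peer certificate with rightcert, which is the setting the thread recommends replacing with a CA certificate in /etc/ipsec.d/cacerts/. The function names, conn names, addresses and certificate file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag conn sections that load a peer certificate locally
# (rightcert=) instead of trusting the issuing CA from /etc/ipsec.d/cacerts/.

# Print the name of every conn section that sets rightcert.
# $1 = path to an ipsec.conf-style file
conns_pinning_peer_cert() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^conn[ \t]+/ { conn = $2; next }         # start of a conn section
        /^(config|ca)[ \t]+/ { conn = ""; next }  # other section types
        conn != "" && /^[ \t]+rightcert[ \t]*=/ { print conn }
    ' "$1"
}

# Constructed sample configuration (all names and addresses are made up).
sample_conf() {
    cat <<'EOF'
config setup

conn %default
    keyexchange=ikev2

conn pinned-peer
    leftcert=localCert.pem
    right=192.0.2.10
    rightcert=peerCert.pem
    auto=start

conn ca-trusted-peer
    leftcert=localCert.pem
    right=192.0.2.20
    rightid="C=CH, O=Example, CN=peer.example.org"
    # rightcert=peerCert.pem
    auto=start
EOF
}

# Run the check against the constructed sample and print the findings.
demo() {
    tmp=$(mktemp)
    sample_conf > "$tmp"
    conns_pinning_peer_cert "$tmp"
    rm -f "$tmp"
}

demo
```

On a real gateway, point `conns_pinning_peer_cert` at /etc/ipsec.conf; an empty result means no connection loads a peer certificate locally.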


