[strongSwan] leftID and rightID

Andreas Steffen andreas.steffen at strongswan.org
Sun Sep 25 22:11:19 CEST 2011

The subject distinguished name or subject DN of an X.509 certificate
consists of several Relative Distinguished Names (RDNs) and therefore
can be quite tiresome to write as in

"C=DE, ST=Mecklenburg-Vorpommern, L=Rostock, O=Finanzamt,
 OU=Zentrale Informations- und Annahmestelle, CN=steuerportal-mv.de,
 E=poststelle at fm.mv-regierung.de"

Therefore often one or several subjectAlternativeNames or Aliases
are added as X.509v3 extensions to a certificate, e.g.

  email:carol@strongswan.org

(given in openssl.cnf notation) which saves a lot of typing work and
helps to eliminate errors.



On 09/25/2011 02:58 PM, nima chavooshi wrote:
> Hi
> Thanks a lot for your quick reply.
> Excuse me for my dummy question. I am somewhat confused.
> May you give me more explanation about "subject distinguished name",
> "subjectAltName", "subject DN" field on X509 certification?
> According to what you said, I should define leftid at least, is that true?
> Thanks in advance for any help or guidance
> On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen
> <andreas.steffen at strongswan.org> wrote:
>     Hello,
>     left|rightid *must* be either the subject distinguished name or
>     a subjectAltName extension contained in the certificate. If you
>     don't define leftid or if leftid is not defined in the certificate
>     then automatically the subject DN is assumed as a default.
>     As a responder you can define rightid=%any, in that case any
>     peer with a trusted and non-revoked certificate will be accepted.
>     Regards
>     Andreas

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
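
The identity rule quoted in this message, as an added example that is not part of the original post and is not strongSwan code: it reads the subject DN and subjectAltNames from an `openssl x509 -noout -text` dump and reports which identity a given leftid ends up as. The certificate text, the function names and the handling of a leading `@` are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread): excerpt of `openssl x509 -noout -text`
# output for a hypothetical end-entity certificate.
SAMPLE_CERT_TEXT = """\
        Subject: C = CH, O = Linux strongSwan, OU = Research, CN = carol
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:carol@strongswan.org, DNS:carol.strongswan.org
"""


def norm_dn(dn):
    """Normalise spacing so 'C = CH, O = x' equals 'C=CH, O=x'.
    Simplification: assumes no RDN value contains a comma."""
    rdns = [re.sub(r"\s*=\s*", "=", r.strip(), count=1) for r in dn.split(",")]
    return ", ".join(rdns)


def cert_identities(cert_text):
    """Return (subject DN, list of subjectAltName values) from the text dump."""
    m = re.search(r"^\s*Subject:\s*(.+)$", cert_text, re.M)
    if not m:
        raise ValueError("no Subject line found")
    subject = norm_dn(m.group(1))
    sans = []
    m = re.search(r"Subject Alternative Name:[^\n]*\n\s*(.+)$", cert_text, re.M)
    if m:
        for entry in m.group(1).split(","):
            _kind, _, value = entry.strip().partition(":")
            sans.append(value)
    return subject, sans


def effective_id(configured, cert_text):
    """Rule as stated in the thread: the configured id is used only if it is
    the subject DN or a subjectAltName; unset or unmatched ids become the DN."""
    subject, sans = cert_identities(cert_text)
    if configured is None:
        return subject, "unset: subject DN used"
    cand = configured.lstrip("@")  # assumption: leading '@' only marks an FQDN id
    if norm_dn(cand) == subject:
        return subject, "matches subject DN"
    if cand in sans:
        return configured, "matches subjectAltName"
    return subject, "not in certificate: subject DN used"


if __name__ == "__main__":
    for cid in (None, "carol@strongswan.org", "@carol.strongswan.org", "dave@strongswan.org"):
        print(repr(cid), "->", effective_id(cid, SAMPLE_CERT_TEXT))
```

Running the same check against the peer's configured rightid shows a mismatch before the connection fails to authenticate.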
