[strongSwan] FQDN based certificate authentication for ikev2
Andreas Steffen
andreas.steffen at strongswan.org
Mon Apr 2 12:18:43 CEST 2012
Hi Reshma,
by default the certificate's subjectDistinguishedName is used as
an ID. There is no mechanism to automatically assign subjectAltNames.
What should we do if several subjectAltNames exist?
Regards
Andreas
On 02.04.2012 11:14, Reshma Begam wrote:
> Hi Andreas,
>
> Thanks for the response and this works.
>
> Also, how can we assign identity info from cert files to leftid/rightid
> ? instead of explicitly defining them.
>
> Example: I am looking something like leftid=%fromcert
>
> leftid=%fromcert and leftid=%leftcert --> I tried both these options on
> responder side instead of leftid=cla.atca.nsn.com
> <http://cla.atca.nsn.com/>, but it doesn't work.
>
> Could you please comment what should be the wild card entries on both
> sides to acheive this assignments using certs?
>
> Thanks,
> Reshma
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120402/1fa0f95b/attachment.bin>
More information about the Users
mailing list