[strongSwan] Self signed ca cert fails policy check
martin at strongswan.org
Mon Apr 23 10:40:07 CEST 2012
> 01[CFG] policy 126.96.36.199.1 missing in issuing certificate 'CN=CA, ... C=DE'
The constraint plugin enforces different X.509 constraints, such as path
length, name and policy constraints.
In your case, it seems that your end entity certificate has a
certificate policy 188.8.131.52.1.1. Your CA certificate, however, does not
have this policy, an "anyPolicy" nor an appropriate policy mapping. See
 for details about certificate policies.
If you don't need certificate policies validation, it is fine to disable
the constraints plugin. Basic CA validation is performed anyway, but
extended x.509 constraint validation is skipped.
More information about the Users