[strongSwan] Self signed ca cert fails policy check

Andreas Fett a.fett at gmx.de
Mon Apr 23 22:16:02 CEST 2012


On Mon, Apr 23, 2012 at 10:40:07AM +0200, Martin Willi wrote:
> > 01[CFG] policy missing in issuing certificate 'CN=CA, ... C=DE'
> In your case, it seems that your end entity certificate has a
> certificate policy Your CA certificate, however, does not
> have this policy, an "anyPolicy" nor an appropriate policy mapping. See
> [1] for details about certificate policies.
Thanks a lot for your quick answer, the cert used for authentication indeed
included a certificate policy while the ca cert did not.
Seems we have to get that fixed :-)


The three chief virtues of a programmer are:
Laziness, Impatience and Hubris. -- Larry Wall

More information about the Users mailing list