[strongSwan] Send CA certificates during the ISAKMP phase
joern.mewes at gmx.net
joern.mewes at gmx.net
Sat Apr 28 08:03:03 CEST 2012
Hello,
Is there any way to configure pluto to send its intermediate (ca) certificate during the IKE phase? We are using a certificate chain (root-ca, sub1-ca, sub2-ca) and I observed that VPN peers having the certificates from sub1-ca cannot verify the strongswan certs issued by sub2-ca as strongswan sends the client certificate only.
I read in https://lists.strongswan.org/pipermail/users/2011-January/005842.html that charon can do this but I am wondering if this is possible with Pluto as well as we have to stick with IKEv1.
Can you give a short hint how to configure this?
Thanks and regards,
Joern Mewes
--
NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone!
Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a
More information about the Users
mailing list