[strongSwan] Send CA certificates during the ISAKMP phase

joern.mewes at gmx.net joern.mewes at gmx.net
Sat Apr 28 08:03:03 CEST 2012


Is there any way to configure pluto to send its intermediate (ca) certificate during the IKE phase? We are using a certificate chain (root-ca, sub1-ca, sub2-ca) and I observed that VPN peers having the certificates from sub1-ca cannot verify the strongswan certs issued by sub2-ca as strongswan sends the client certificate only.
I read in https://lists.strongswan.org/pipermail/users/2011-January/005842.html that charon can do this but I am wondering if this is possible with Pluto as well as we have to stick with IKEv1.

Can you give a short hint how to configure this?

Thanks and regards,

Joern Mewes

NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone!                                  
Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a

More information about the Users mailing list