[strongSwan] Multiple hostnames same server cert

kgardenia42 kgardenia42 at googlemail.com
Tue Dec 18 17:03:08 CET 2012


Hi,

With regard to this guide:
   http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

I have created my server cert for vpn.foo.com as outlined:
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem \
          --dn "C=CH, O=strongSwan, CN=vpn.foo.com" --san="vpn.foo.com" \
          --flag serverAuth --flag ikeIntermediate --outform pem > serverCert.pem

However, if I want the *same* VPN server to be accessible by clients as
*both* vpn.foo.com and vpn.bar.com, then how can I accomplish this?  Do
I need a server cert and traffic selector for each one?

Or is it somehow possible to hang both hostnames off the same server
cert (preferred)?

If I need two server certs then can they both use the same CA?  I
assumed so but when I try the above there seems to be some ambiguity
over which traffic selector is selected (well it appears to be the
first one in ipsec.conf).  Is there a known gotcha there or have I
just missed something?  If so I'll start from scratch.

Thanks.



