[strongSwan] Multiple hostnames same server cert

kgardenia42 kgardenia42 at googlemail.com
Tue Dec 18 17:03:08 CET 2012


wrt. to this guide:

I have created my server cert for vpn.foo.com as outlined:
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert
caCert.pem --cakey caKey.pem \
          --dn "C=CH, O=strongSwan, CN=vpn.foo.com" --san="vpn.foo.com" \
          --flag serverAuth --flag ikeIntermediate --outform pem >

However, I want the *same* VPN server to be accessible by clients as
*both* vpn.foo.com and vpn.bar.com then how can I accomplish this?  Do
I need a server cert and traffic selector for each one?

Or is it somehow possible to hang both hostnames off the same server
cert (preferred)?

If I need two server certs then can they both use the same CA?  I
assumed so but when I try the above there seems to be some ambiguity
over which traffic selector is selected (well it appears to be the
first one in ipsec.conf).  Is there a known gotcha there or have I
just missed something?  If so I'll start from scratch.


More information about the Users mailing list