[strongSwan] Send CA certificates during the ISAKMP phase

Joern Mewes joern.mewes at gmx.net
Mon May 21 20:34:58 CEST 2012


Not sure if the below email went trough. Can someone please tell me if
its possible to configure pluto so send intermediate certificates during
the isakmp phase?


> Hello,

> Is there any way to configure pluto to send its intermediate (ca) 
> certificate during the IKE phase? We are using a certificate chain 
> (root-ca, sub1-ca, sub2-ca) and I observed that VPN peers having the 
> certificates from sub1-ca cannot verify the strongswan certs issued by 
> sub2-ca as strongswan sends the client certificate only.
> I read in https://lists.strongswan.org/pipermail/users/2011-January/005842.html
> that charon can do this but I am wondering if this is possible with 
> pluto as well as we have to stick with IKEv1.

> Can you give a short hint how to configure this?

> Thanks and regards,
> Joern

NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone!                                  
Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a

More information about the Users mailing list