[strongSwan] Send CA certificates during the ISAKMP phase
Andreas Steffen
andreas.steffen at strongswan.org
Mon May 21 22:54:08 CEST 2012
Hi Joern,
no, pluto cannot send intermediate certificates but the forthcoming
strongSwan 5.0 charon daemon with combined IKEv1/IKEv2 functionality
will be able to send them.
Regards
Andreas
On 05/21/2012 08:34 PM, Joern Mewes wrote:
>
> Hi,
>
> Not sure if the below email went through. Can someone please tell me if
> it's possible to configure pluto to send intermediate certificates during
> the isakmp phase?
>
> Thanks,
> Joern
>
>
>> Hello,
>
>> Is there any way to configure pluto to send its intermediate (ca)
>> certificate during the IKE phase? We are using a certificate chain
>> (root-ca, sub1-ca, sub2-ca) and I observed that VPN peers having the
>> certificates from sub1-ca cannot verify the strongswan certs issued by
>> sub2-ca as strongswan sends the client certificate only.
>
>> I read in https://lists.strongswan.org/pipermail/users/2011-January/005842.html
>> that charon can do this but I am wondering if this is possible with
>> pluto as well as we have to stick with IKEv1.
>
>> Can you give a short hint how to configure this?
>
>> Thanks and regards,
>> Joern
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
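
Added example, not part of the original thread and not strongSwan code: it rebuilds the chain described in the question (root-ca, sub1-ca, sub2-ca, gateway certificate) with the openssl command line and shows why a peer that holds only root-ca and sub1-ca rejects the gateway certificate unless sub2-ca is delivered with it. All subject names, file names and lifetimes are constructed for the illustration.

```shell
#!/bin/sh
# Constructed lab chain mirroring the thread: root-ca -> sub1-ca -> sub2-ca -> gateway.
# Subject names, file names and the 30-day lifetime are assumptions for this example.

make_chain() {  # $1 = empty working directory
  d=$1; serial=1; issuer=root-ca
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\n' > "$d/leaf.ext"
  for n in root-ca sub1-ca sub2-ca gateway; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key" || return 1
    openssl req -new -key "$d/$n.key" -subj "/CN=$n" -out "$d/$n.csr" || return 1
  done
  # Self-signed trust anchor.
  openssl x509 -req -in "$d/root-ca.csr" -signkey "$d/root-ca.key" \
    -extfile "$d/ca.ext" -days 30 -out "$d/root-ca.pem" 2>/dev/null || return 1
  # Every other certificate is signed by the one directly above it.
  for n in sub1-ca sub2-ca gateway; do
    serial=$((serial + 1))
    ext=ca.ext
    if [ "$n" = gateway ]; then ext=leaf.ext; fi
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
      -set_serial "$serial" -extfile "$d/$ext" -days 30 -out "$d/$n.pem" 2>/dev/null || return 1
    issuer=$n
  done
  # What the remote peer in the thread has installed: root-ca and sub1-ca only.
  cat "$d/root-ca.pem" "$d/sub1-ca.pem" > "$d/peer-trust.pem"
}

# Validate the gateway certificate the way that peer would.
# $1 = working directory; remaining arguments are extra "openssl verify" options.
peer_verifies() {
  d=$1; shift
  openssl verify -CAfile "$d/peer-trust.pem" "$@" "$d/gateway.pem" >/dev/null 2>&1
}

work=$(mktemp -d) && make_chain "$work" && {
  # Gateway sends only its own certificate, as in the question.
  peer_verifies "$work" && echo "leaf only: accepted" || echo "leaf only: rejected"
  # Gateway also sends sub2-ca alongside its certificate.
  peer_verifies "$work" -untrusted "$work/sub2-ca.pem" \
    && echo "leaf + sub2-ca: accepted" || echo "leaf + sub2-ca: rejected"
}
rm -rf "$work"
```

Here `-untrusted` stands in for an intermediate certificate delivered in the IKE exchange: it is available for path building but is not itself a trust anchor.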