[strongSwan] Send CA certificates during the ISAKMP phase
andreas.steffen at strongswan.org
Mon May 21 22:54:08 CEST 2012
no, pluto cannot send intermediate certificates but the forthcoming
strongSwan 5.0 charon daemon with combined IKEv1/IKEv2 functionality
will be able to send them.
On 05/21/2012 08:34 PM, Joern Mewes wrote:
> Not sure if the below email went trough. Can someone please tell me if
> its possible to configure pluto so send intermediate certificates during
> the isakmp phase?
>> Is there any way to configure pluto to send its intermediate (ca)
>> certificate during the IKE phase? We are using a certificate chain
>> (root-ca, sub1-ca, sub2-ca) and I observed that VPN peers having the
>> certificates from sub1-ca cannot verify the strongswan certs issued by
>> sub2-ca as strongswan sends the client certificate only.
>> I read in https://lists.strongswan.org/pipermail/users/2011-January/005842.html
>> that charon can do this but I am wondering if this is possible with
>> pluto as well as we have to stick with IKEv1.
>> Can you give a short hint how to configure this?
>> Thanks and regards,
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users