[strongSwan] IPsec with Certificate Authentication

Andreas Steffen andreas.steffen at strongswan.org
Tue Nov 6 07:15:27 CET 2012

Hi Deepak,

if the peer's identity is an IP address then this address will be
checked against all subjectAltName entries in order to see if one
of them matches the identity.



On 05.11.2012 19:43, deepak khandelwal wrote:
> Hi,
> I have a question regarding IPSec with Certificate Authentication where
> Certificate contains Multiple IP-Address in Subject Alternative name
> extension.
> X509v3 Subject Alternative Name:
>                 IP Address:, IP Address:
> While checking Cert Validity against identity.
> Is it expected to check all IP-Address present in SAN.
> or just the first IP-Address is expected to check ? 
> Best regards,
> Deepak
> 91- 9632308791
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121106/982f369e/attachment.bin>

More information about the Users mailing list