[strongSwan] Authentication of a CERT payload with only the subject certificate

Martin Willi martin at strongswan.org
Tue Mar 26 11:15:03 CET 2013

Hi Mugur,

>      SEG cert chain : "RootX/sub-CAy/SEG" (same hierarchy, different end entities)
>      SEG sends only the "SEG" certificate in CERT payload (instead of sub-CAy/SEG")
> Does authentication work?

As long as you have the correct sub-CAy installed on your client, it
should be no problem to validate the trustchain. strongSwan uses all
certificates it has available, not only those received in the CERT
payloads of the current exchange.


More information about the Users mailing list