[strongSwan] OS X strongSwan client

Martin Willi martin at strongswan.org
Wed Sep 18 10:58:31 CEST 2013

Hi Claude,

> I have some keychain problems. I have a CA certificate installed in the
> system store and marked it as "Always Trust", but I still get a server
> authentication failure.

Both installing end entity and CA certificates to the Keychain as
"Always Trust" works here on 10.8. Some notes:

      * Certificates should go to the "System" keychain
      * CA certificates must have the CA basicConstraint

What version of OS X are you running?

You might also try to tweak your syslogger to get the daemon startup log
and check if there is something suspicious. To do so, for example add:

 daemon.info          /var/log/daemon.log

to /etc/syslog.conf and restart the syslogger with

 launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist 
 launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

During startup or any changes to the Keychain, you should see something

 loaded 209 certificates from /System/Library/Keychains/...
 loaded 12 certificates from /Library/Keychains/...


More information about the Users mailing list