[strongSwan] Query regarding Ca-Cert list

Mukesh Yadav write2mukesh84 at gmail.com
Tue Jun 10 08:59:48 CEST 2014


This is a question more specific to OpenSSL, but as it is a generic scenario I am posting
it on strongSwan in case someone can provide info.

Query for CA cert list.
If at the gateway we have configured two CA certs, A1 and A2, both having the same
subject and content except the time-stamp of generation.

If the peer sends a cert matching A2, the gateway tries to validate it with
A1 (the subject being the same and A1 configured first in the list) and validation fails.

1. Is there a way to avoid adding a cert to the store if the subject and all
contents are the same except the time-stamp of generation?
2. Or, if not 1, is there a way to validate the incoming cert with both certs
configured in the store?
3. Or this scenario is a known limitation and have to take care while
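
The scenario in the post, reproduced as an added Go example (not code from the original post, strongSwan or OpenSSL): two trust anchors share a subject, and a lookup that stops at the first subject match fails where one that tries every same-subject anchor succeeds. It assumes A1 and A2 have different key pairs; the certificates are constructed, and `issue`, `verify` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample certificate; a nil parent yields a self-signed CA.
func issue(cn string, age time.Duration, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-age), NotAfter: time.Now().Add(age), BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// verify checks leaf against anchors whose subject equals its issuer: first one only, or each in turn (tryAll).
func verify(leaf *x509.Certificate, tryAll bool, cas ...*x509.Certificate) (*x509.Certificate, error) {
	for _, ca := range cas {
		if string(ca.RawSubject) == string(leaf.RawIssuer) {
			if err := leaf.CheckSignatureFrom(ca); err == nil || !tryAll {
				return ca, err
			}
		}
	}
	return nil, x509.UnknownAuthorityError{Cert: leaf}
}

// demo: A1 and A2 share a subject but have different keys (assumed); the peer cert is issued by A2.
func demo() (errFirst, errAll error, pickedA2 bool) {
	a1, _ := issue("Example CA", 2*time.Hour, nil, nil)
	a2, k2 := issue("Example CA", time.Hour, nil, nil)
	peer, _ := issue("peer", time.Hour, a2, k2)
	_, errFirst = verify(peer, false, a1, a2)
	ca, errAll := verify(peer, true, a1, a2)
	return errFirst, errAll, ca == a2
}
func main() { fmt.Println(demo()) }
```

The example compares raw subject and issuer DER and then lets the signature decide, so anchor order in the list no longer matters.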
