[strongSwan] Trust Chain Configuration Support of Peer SEG

Sajal Malhotra sajalmalhotra at gmail.com
Thu Oct 16 20:43:41 CEST 2014


Following is a scenario that we are trying to test.
- Strongswan Node (v4.2.8) is connected to a SEG Node.
- We are trying to use Authentication using X.509 certs
- Both Nodes have their Device certificates issued from a different trust
chain with Root CA different as well.
- On Strongswan Node: Its own complete Trust chain is configured correctly.
However out of peer SEG's trust chain, only its Root CA cert is configured
on strongswan. We do not have Peer SEG's Sub-ordinate CA chain

Just wanted to confirm that is it possible to establish an IKEv2 Tunnel
between peer SGW and a strongswan Node, when only peer SEG's root CA is
pre-installed and not the entire trust chain.

The SEG will provide its entire trust chain when the Auth Phase happens,
however can strongswan authenticate SEG with only Root CA of SEG known
before hand?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141017/750011ff/attachment.html>

More information about the Users mailing list