[strongSwan] Trust Chain Configuration Support of Peer SEG

Sajal Malhotra sajalmalhotra at gmail.com
Fri Oct 17 12:38:51 CEST 2014


Hi Guys,

Just wanted to check if my query below reached you.
Basically I just want to confirm if I can configure the strongSwan stack in a
way so that it is able to establish an IKEv2 Tunnel with the peer SGW, even if
the strongSwan stack is just aware of the peer's Root CA cert and not the entire
trust chain.


Thanks and Regards
Sajal

On Fri, Oct 17, 2014 at 12:13 AM, Sajal Malhotra <sajalmalhotra at gmail.com>
wrote:

> Hi,
>
> Following is a scenario that we are trying to test.
> - Strongswan Node (v4.2.8) is connected to a SEG Node.
> - We are trying to use Authentication using X.509 certs
> - Both Nodes have their Device certificates issued from a different trust
> chain with Root CA different as well.
> - On strongSwan Node: Its own complete Trust chain is configured
> correctly. However, out of peer SEG's trust chain, only its Root CA cert is
> configured on strongSwan. We do not have Peer SEG's Subordinate CA chain
> pre-installed.
>
> Just wanted to confirm whether it is possible to establish an IKEv2 Tunnel
> between peer SGW and a strongSwan Node, when only peer SEG's root CA is
> pre-installed and not the entire trust chain.
>
> The SEG will provide its entire trust chain when the Auth Phase happens;
> however, can strongSwan authenticate SEG with only Root CA of SEG known
> beforehand?
>
> Regards
> Sajal
>
>