[strongSwan] Trust Chain Configuration Support of Peer SEG
Martin Willi
martin at strongswan.org
Fri Oct 17 13:30:27 CEST 2014
Hi Sajal,
> Just wanted to check if my query below reached you.
Of course it did. But please be aware that this is a community mailing
list, and support is provided as the community members find time to do
so.
> Basically i just want to confirm if i can configure Strongswan stack in a
> way so that it is able to establish IKEv2 Tunnel with peer SGW, even if
> Strongswan stack is just aware of peers Root CA cert and not the entire
> trust chain.
IKEv2 supports the exchange of end-entity and intermediate CA
certificates. strongSwan as well supports that, and automatically
exchanges the certificates required by building trust-chains based on
certificate requests. There is no special configuration required; just
install your root CA accordingly.
Regards
Martin
More information about the Users
mailing list