[strongSwan] Trust Chain Configuration Support of Peer SEG

Martin Willi martin at strongswan.org
Fri Oct 17 13:30:27 CEST 2014

Hi Sajal,

> Just wanted to check if my query below reached you.

Of course it did. But please be aware that this is a community mailing
list, and support is provided as the community members find time to do

> Basically i just want to confirm if i can configure Strongswan stack in a
> way so that it is able to establish IKEv2 Tunnel with peer SGW, even if
> Strongswan stack is just aware of peers Root CA cert and not the entire
> trust chain.

IKEv2 supports the exchange of end-entity and intermediate CA
certificates. strongSwan as well supports that, and automatically
exchanges the certificates required by building trust-chains based on
certificate requests. There is no special configuration required; just
install your root CA accordingly.


More information about the Users mailing list