[strongSwan] certificate chain setup for iPhone clients

Noel Kuntze noel at familie-kuntze.de
Thu Sep 18 19:07:58 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Naveen,

Is there a reason for you not importing the self signed CA on the phones?

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 17.09.2014 um 09:17 schrieb Naveen:
> Hi,
>
> I plan to setup vpn servers for iPhone clients using strong swan. right now i am using a self-signed CA to sign the client Certificates that are used by the iPhone users (for digi cert auth during IKE). Each user has a unique clientCert. Now i want to move away from self-signed CA to a trusted so that users don't see a warning on their phones.
>
> Any suggestions on how to go about this - like
> a. companies who provide this CA - verisign ?
> b. cost involved in setting up this cert chain
>
> thanks
> Naveen
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUGxFuAAoJEDg5KY9j7GZYXSQP/i7xjYMTt2IDPcRlX8kEjDqY
Rfj95dKL8GEMgcX0/Bjg6h22KIir4e/Sx7CrXlOErr+lDyVh5A3a4XzC2vIpk8uj
GiJEzLoHGHWPFaygYB4sTI3cpuLWka7IZlzeDPATQPDUyeSPQbnxt26Lpa2T4SvN
hzhWkVICXUdRVJDu+iuBweyphf1GWSGhP0+Iy/eJny/ktO4A5kxpA3SK5CFVr2ia
VE0g7sgBpzxdZJeyIUomUn92vY9VnWtjmvpRVSeG4Iu9nlAhTpmW1Yd2gmGPh/mF
kSzBylUK4x04ZQZNjMdj5b78E0rbKzQqToAporyFq0oT2f0sHfZbmF8zJMBAh3os
eNq/5Lz9lkrDl5LBdeQteqf2moRRibBJWsoXmYTAshhX3O12ypemAozZ7BU1Dy2T
5qzaToproXbgzzAVUNaBDrQCpHQcy23/5T5OyFW58NK736ToKa3bB/kAt/tUY/6X
D+0g4KYlH1hfLDnFvRtZknRmS91xBFWL2dnDc18XCBNvEFn2NNuuqigAahEmHMRD
daWePj0PuyVyDRMSZdoZXfmvjd2AbuhuOF5ptqvJdVoI+Rq/97WWglzX7j4FWsMD
GtVt3IcPe9FjJBekxVbp9VeUyTS7Deha8QfTEDjhZzNhcwTlVUiKvmaIDVdruact
xz59LbY/WEKqgeh2kNev
=ETyd
-----END PGP SIGNATURE-----



More information about the Users mailing list