[strongSwan] Intermediate CAs unknown to peer?
shea at shealevy.com
Wed Sep 24 22:14:56 CEST 2014
I have the setup described at  working currently.
shea-intermediate.crt is signed by zalora-ca.crt, and each machine's
cert in /etc/x509 is signed by and concatenated with
shea-intermediate.crt. If I remove the 'ca inter' section from each
config, I get:
> no issuer certificate found for "C=SG, ST=Singapore, O=Zalora, OU=DevOps, CN=strongswan-ebc130d19292466287791571653eac79, E=it-services at zalora.com"
Is there any way to get this to work without each machine needing to
know about the intermediate cas that may be used by the others? Since
the intermediate ca is signed by the root ca and bundled with the
end-user ca, it seems like it shouldn't be necessary...
More information about the Users