[strongSwan] SA Establishment with Juniper Fails when Trust Chains are used on both Ends.
sajalmalhotra at gmail.com
Fri Feb 13 15:15:46 CET 2015
Thanks, Tobias, for the quick clarification!
Looks like I need to raise the issue with Juniper.
On Fri, Feb 13, 2015 at 4:44 PM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Sajal,
> > Why is SA negotiation failing between strongSwan and Juniper? Juniper
> > had already shared its Issuer Certificate (SubCA2) in the IKE_INIT message.
> No, what it sends in the CERTREQ payload during IKE_SA_INIT is a
> certificate request for certificates issued by SubCA2. This payload
> contains a SHA-1 hash of the issuer certificate's public key, not the
> certificate. The intermediate CA certificate should be sent as CERT
> payload during the IKE_AUTH exchange.
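The point in the quoted reply, as an added example that is not part of the original thread or of strongSwan's code: the CERTREQ payload data is one Cert Encoding octet followed by concatenated 20-byte SHA-1 hashes of trusted CAs' SubjectPublicKeyInfo (RFC 7296, section 3.7), so a receiver can only match it against CAs it already knows. The SPKI byte strings and the names `RootCA` and `SubCA1` are constructed placeholders, and the function names are hypothetical.

```python
import hashlib

X509_SIGNATURE = 4   # Cert Encoding: "X.509 Certificate - Signature" (RFC 7296)
HASH_LEN = 20        # SHA-1 digest size in octets

# Constructed placeholder bytes standing in for each CA's DER-encoded
# SubjectPublicKeyInfo; these are not real keys.
KNOWN_CAS = {
    "RootCA": b"constructed-spki-bytes-for-RootCA",
    "SubCA1": b"constructed-spki-bytes-for-SubCA1",
    "SubCA2": b"constructed-spki-bytes-for-SubCA2",
}

def build_certreq(spki_list, encoding=X509_SIGNATURE):
    """CERTREQ payload data (after the generic payload header):
    one encoding octet, then SHA-1(SPKI) for each trusted CA."""
    hashes = b"".join(hashlib.sha1(spki).digest() for spki in spki_list)
    return bytes([encoding]) + hashes

def parse_certreq(data):
    """Split CERTREQ payload data into (encoding, [20-byte hashes])."""
    if len(data) < 1 or (len(data) - 1) % HASH_LEN != 0:
        raise ValueError("CERTREQ data must be 1 + 20*n octets")
    hashes = [data[i:i + HASH_LEN] for i in range(1, len(data), HASH_LEN)]
    return data[0], hashes

def requested_cas(data, known_cas):
    """Name the locally known CA behind each requested hash (None if unknown).
    The payload alone never yields a certificate, only a key identifier."""
    _, hashes = parse_certreq(data)
    index = {hashlib.sha1(spki).digest(): name for name, spki in known_cas.items()}
    return [index.get(h) for h in hashes]

if __name__ == "__main__":
    # What a peer trusting only SubCA2 would put in its IKE_SA_INIT CERTREQ.
    payload = build_certreq([KNOWN_CAS["SubCA2"]])
    print(len(payload), "octets:", payload.hex())
    print("requests certificates issued by:", requested_cas(payload, KNOWN_CAS))
```

A peer that does not already hold the SubCA2 certificate gets `None` here, which is why the intermediate CA certificate still has to arrive in a CERT payload during IKE_AUTH.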