[strongSwan] PKCS#12 and leftid

Jacques Monin jacques.monin01 at gmail.com
Wed May 20 13:14:00 CEST 2015

Indeed, the certificates were not created with the option -utf8 so by
default the fields are interpreted as ASCII.

I tried to create a certificate with this option and it now works well.

However, I would need to be able to use the old certificates I have. Is
there still any way to use them ?

I tried to use prefix in leftid, I read in strongswan wiki : "For example,
*ipv4:* does not create a valid ID_IPV4_ADDR IKE identity, as it
does not get converted to binary
0x0a000001. Instead, one could use *ipv4:#0a000001* to get a valid

Do I have to convert unicode to binary to have something like

Moreover the sharp sign seems to be interpreted as commentary in bash, how
am I suppose to prevent it ?


2015-05-13 20:12 GMT+02:00 Volker Rümelin <vr_strongswan at t-online.de>:

>  The RDN specifies C=FR, but I don't know if I have to do something more
>> to precise the encoding. Am I supposed to change it at the creation of
>> the x509, of the p12 or after ?
> I don't know how you create your x509 certificate. So it's either at the
> creation of your certificate, or even before, at the creation of your
> PKCS#10 certificate request. I use openssl with the -utf8 option,
> string_mask = utf8only in the [req] stanza and my locale codeset is utf8.
> Regards,
> Volker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150520/d5bc88d2/attachment.html>

More information about the Users mailing list