[strongSwan] "no trusted RSA public key found" with iOS ikev2

Tobias Brunner tobias at strongswan.org
Wed Nov 18 11:23:09 CET 2015


Could you please not cross-post your emails to the users and dev mailing
lists.  This is clearly a configuration issue that has nothing to do
with strongSwan's development.

> The client cert installed on the ipad has the followign subject 
>                  Subject: CN=1-ios-test1-ikev2
> and Subject Alt name
>                   X509v3 Subject Alternative Name: 
>                                DirName:/CN=1-ios-test1-ikev2/OU=CF-CAL/O=120

You have to add a SAN of DNS:1-ios-test1-ikev2 to your client
certificate as the client configured with

> <key>LocalIdentifier</key>
> <string>1-ios-test1-ikev2</string>

will send an identity of type FQDN with the value `1-ios-test1-ikev2`.
AFAIK it's still not possible to configure a DN in the client profile so
you have to add this as SAN to your certificate.


More information about the Users mailing list