[strongSwan] "no trusted RSA public key found" with iOS ikev2
Tobias Brunner
tobias at strongswan.org
Wed Nov 18 11:23:09 CET 2015
Hi,
Could you please not cross-post your emails to the users and dev mailing
lists. This is clearly a configuration issue that has nothing to do
with strongSwan's development.
> The client cert installed on the ipad has the followign subject
> Subject: CN=1-ios-test1-ikev2
> and Subject Alt name
> X509v3 Subject Alternative Name:
> DirName:/CN=1-ios-test1-ikev2/OU=CF-CAL/O=120
You have to add a SAN of DNS:1-ios-test1-ikev2 to your client
certificate as the client configured with
> <key>LocalIdentifier</key>
> <string>1-ios-test1-ikev2</string>
will send an identity of type FQDN with the value `1-ios-test1-ikev2`.
AFAIK it's still not possible to configure a DN in the client profile so
you have to add this as SAN to your certificate.
Regards,
Tobias
More information about the Users
mailing list