[strongSwan] Limiting a connection to a specific CA?

Ruel, Ryan rruel at akamai.com
Tue Oct 13 11:50:03 CEST 2015


Is this the relevant option?


left|rightca = <issuer dn> | %same

the distinguished name of a certificate authority which is required to lie in the trust path going from the
left|right participant's certificate up to the root certification authority.
%same means that the value configured for the other participant should be reused.

From: Ryan Ruel
Date: Tuesday, October 13, 2015 at 5:48 AM
To: "users at lists.strongswan.org<mailto:users at lists.strongswan.org>"
Subject: [strongSwan] Limiting a connection to a specific CA?

Assume that you have configured two separate IPsec connections in ipsec.conf. Each client is authenticating via certificates, one to the first connection and the other to the second.

If the clients are using certificates signed by private (but different) CAs, is there any way currently to limit validation for each connection to a specific root CA?

From what I understand, all root CAs are checked until a match is found?

I’m wondering if there’s a way to limit the trust chain for each connection to just one CA.
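The following ipsec.conf fragment is an added example, not part of the list message or of the strongSwan project's documentation. It shows what the rightca option quoted above looks like in practice: two conn sections on one gateway, each pinned to a different private CA. The conn names, identities, addresses, pool ranges and CA distinguished names are placeholders chosen for the illustration.

```conf
# Added example (not from the original post): two conns, each restricted to a
# different private CA with rightca. All names, DNs and addresses are placeholders.
#
# Assumption: both CA certificates are installed in /etc/ipsec.d/cacerts, so
# strongSwan trusts both of them at all. rightca does not replace that trust
# store; it adds a per-conn constraint that the named CA must lie in the trust
# path from the peer's certificate up to the root. A peer whose chain was
# issued by "Red CA" therefore cannot satisfy the blue-clients conn, and vice
# versa, even though both CAs are trusted globally.
#
# Take the DN string from the CA certificate itself, e.g.
#   ipsec pki --print --in /etc/ipsec.d/cacerts/blue-ca.pem
# or
#   openssl x509 -noout -subject -in /etc/ipsec.d/cacerts/blue-ca.pem
# and write it comma-separated, quoted because it contains spaces.

config setup

conn %default
        keyexchange=ikev2
        left=%any
        leftcert=gatewayCert.pem
        leftid=@vpn.example.net
        leftsubnet=0.0.0.0/0
        right=%any
        auto=add

# Clients holding certificates issued by the "Blue CA"
conn blue-clients
        rightca="C=US, O=Example Corp, CN=Blue CA"
        rightsourceip=10.1.0.0/24

# Clients holding certificates issued by the "Red CA"
conn red-clients
        rightca="C=US, O=Example Corp, CN=Red CA"
        rightsourceip=10.2.0.0/24
```

Two practical checks when deploying this: confirm with ipsec statusall (or the charon log at the default level) that the peer landed in the conn you expected rather than another conn without a rightca constraint, and keep a rightca on every certificate-authenticated conn, since a conn that omits it accepts any chain ending in any CA present in the cacerts directory.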

