[strongSwan] CA certificate in response to certificate request payload in x509 authentication
agrawalsameer at gmail.com
Thu Apr 21 22:37:01 CEST 2016
I am trying to establish an ipsec tunnel using x509 authentication between
a Linux device (running strongswan) and another device that supports IKEv2.
Both peers are using the same CA certificate to generate the local
The issue I am facing is that the peer is requesting the CA certificate in its
certificate request payload in the message. However, strongswan currently
is not sending the CA information, because of which the authentication
between the 2 peers is failing.
Is there a way to send the CA certificate if the peer is requesting that in
the certificate request payload? If yes, how can I do that?
I tried the leftsendcert=always or ifasked option, but that did not seem to work.
The config that I have on strongswan side is as follows:
leftid="C=US, ST=CA, L=SJ, O=BR, OU=QA, CN=QA, emailAddress=peer1 at br.com"
rightid="C=US, ST=CA, L=SD, O=BR, OU=SQA, CN=SQA, emailAddress=peer2 at br.com"