[strongSwan] how to use 'rightca' connection option?

Tobias Brunner tobias at strongswan.org
Fri Nov 25 09:46:34 CET 2016

Hi John,

>         rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa"
> I've changed values of fields in righid, but rightca is taken from real
> config without modification.

The CA constraint internally uses certificates to match against the
trust chain.  So you can't set `rightca` to an arbitrary DN.  There must
exist a CA certificate locally that has the configured subject DN.


More information about the Users mailing list