[strongSwan] how to use 'rightca' connection option?
jb20141125 at gmail.com
Fri Nov 25 10:17:02 CET 2016
Thank you for your answer. But I'm not sure I've understood you well. Did
you mean that when using rightca, I should have locally installed the
certificate with DN the same as provided for rightca option otherwise the
option is igmored?
2016-11-25 9:46 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
> Hi John,
> > rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa"
> > I've changed values of fields in righid, but rightca is taken from real
> > config without modification.
> The CA constraint internally uses certificates to match against the
> trust chain. So you can't set `rightca` to an arbitrary DN. There must
> exist a CA certificate locally that has the configured subject DN.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users