[strongSwan] how to use 'rightca' connection option?

John Brown jb20141125 at gmail.com
Fri Nov 25 10:17:02 CET 2016

Hi Tobias,

Thank you for your answer. But I'm not sure I've understood you well. Did
you mean that when using rightca, I should have locally installed the
certificate with DN the same as provided for rightca option otherwise the
option is igmored?


2016-11-25 9:46 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:

> Hi John,
> >         rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa"
> >
> > I've changed values of fields in righid, but rightca is taken from real
> > config without modification.
> The CA constraint internally uses certificates to match against the
> trust chain.  So you can't set `rightca` to an arbitrary DN.  There must
> exist a CA certificate locally that has the configured subject DN.
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161125/eacc2f11/attachment.html>

More information about the Users mailing list