[strongSwan] how to use 'rightca' connection option?

John Brown jb20141125 at gmail.com
Tue Nov 29 10:51:32 CET 2016

Hi Tobias,

 Thanks for help, now the rightca option works as expected. But what are
reasons that this option only works in case right certificate is installed?
Wouldn't be a safer solution if, in case of lack of certificate mentioned
in rightca option authentiaction also failed?

Best regards,

2016-11-25 14:46 GMT+01:00 John Brown <jb20141125 at gmail.com>:

> Hi Tobias,
>  I didn't notice this warning but I'm going to test not only this scenario
> but also others, hoping that with your hints, I'll manage to set this up.
> Thank you for your help!
> Regards,
> John
> 2016-11-25 14:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>> Hi John,
>> > Did you mean that when using rightca, I should have locally installed
>> > the certificate with DN the same as provided for rightca option
>> > otherwise the option is igmored?
>> Yep.  You should actually see a warning in the log, saying something
>> like "CA certificate "..." not found, discarding CA constraint".
>> Regards,
>> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161129/4d033333/attachment.html>

More information about the Users mailing list