[strongSwan] how to use 'rightca' connection option?
jb20141125 at gmail.com
Tue Nov 29 10:51:32 CET 2016
Thanks for help, now the rightca option works as expected. But what are
reasons that this option only works in case right certificate is installed?
Wouldn't be a safer solution if, in case of lack of certificate mentioned
in rightca option authentiaction also failed?
2016-11-25 14:46 GMT+01:00 John Brown <jb20141125 at gmail.com>:
> Hi Tobias,
> I didn't notice this warning but I'm going to test not only this scenario
> but also others, hoping that with your hints, I'll manage to set this up.
> Thank you for your help!
> 2016-11-25 14:37 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:
>> Hi John,
>> > Did you mean that when using rightca, I should have locally installed
>> > the certificate with DN the same as provided for rightca option
>> > otherwise the option is igmored?
>> Yep. You should actually see a warning in the log, saying something
>> like "CA certificate "..." not found, discarding CA constraint".
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users