[strongSwan] question about rightca

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 5 15:34:40 CEST 2017


No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.

Kind regards


On 05.09.2017 15:24, Harald Dunkel wrote:
> On Tue, 5 Sep 2017 13:33:59 +0200
> Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>> Hi,
>>> a matching root CA by default  
>> What do you mean with that? charon always authenticates the certificates. You can't turn that off.
> I don't want to turn that off. AFAIU left and right side can use 
> independent certificate chains for authorization. I want to make
> sure that left and right side are based upon the same root certificate.
> Is this the default?
> Regards
> Harri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170905/f66647cf/attachment.sig>

More information about the Users mailing list