[strongSwan] question about rightca
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 5 15:34:40 CEST 2017
No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.
On 05.09.2017 15:24, Harald Dunkel wrote:
> On Tue, 5 Sep 2017 13:33:59 +0200
> Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>>> a matching root CA by default
>> What do you mean with that? charon always authenticates the certificates. You can't turn that off.
> I don't want to turn that off. AFAIU left and right side can use
> independent certificate chains for authorization. I want to make
> sure that left and right side are based upon the same root certificate.
> Is this the default?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users