[strongSwan] question about rightca
harald.dunkel at aixigo.de
Tue Sep 5 16:16:18 CEST 2017
On Tue, 5 Sep 2017 15:34:40 +0200
Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
> No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
> In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.
I got that from the documentation. I would like to make %same
work without specifying any DN in ipsec.conf. Specifying the
leftcert for a connection should be sufficient for Strongswan
to find the root certificate and its DN.
I am still hoping that this approach is reasonable.
More information about the Users