Harald Dunkel harald.dunkel at aixigo.de
Tue Sep 5 16:16:18 CEST 2017

Hi Noel,

On Tue, 5 Sep 2017 15:34:40 +0200
Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:

> Hi,
> No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (unless it's revoked via CRLs or OCSP).
> In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too, or to %same.

I got that from the documentation. I would like to make %same
work without specifying any DN in ipsec.conf. Specifying the
leftcert for a connection should be sufficient for strongSwan
to find the root certificate and its DN.

I am still hoping that this approach is reasonable.


