[strongSwan] question about rightca

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 5 16:55:19 CEST 2017


That's not possible at the moment.

Kind regards


On 05.09.2017 16:16, Harald Dunkel wrote:
> Hi Noel,
> On Tue, 5 Sep 2017 15:34:40 +0200
> Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>> Hi,
>> No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
>> In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.
> I got that from the documentation. I would like to make %same 
> work without specifying any DN in ipsec.conf. Specifying the 
> leftcert for a connection should be sufficient for Strongswan 
> to find the root certificate and its DN.
> I am still hoping that this approach is reasonable.
> Regards
> Harri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170905/51c5ba8e/attachment.sig>

More information about the Users mailing list