[strongSwan] question about rightca
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 5 16:55:19 CEST 2017
Hi,
That's not possible at the moment.
Kind regards
Noel
On 05.09.2017 16:16, Harald Dunkel wrote:
> Hi Noel,
>
> On Tue, 5 Sep 2017 15:34:40 +0200
> Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>
>> Hi,
>>
>> No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
>> In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.
>>
>
> I got that from the documentation. I would like to make %same
> work without specifying any DN in ipsec.conf. Specifying the
> leftcert for a connection should be sufficient for Strongswan
> to find the root certificate and its DN.
>
> I am still hoping that this approach is reasonable.
>
>
> Regards
> Harri
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170905/51c5ba8e/attachment.sig>
More information about the Users
mailing list