[strongSwan] question about rightca
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Sep 5 16:55:19 CEST 2017
That's not possible at the moment.
On 05.09.2017 16:16, Harald Dunkel wrote:
> Hi Noel,
> On Tue, 5 Sep 2017 15:34:40 +0200
> Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>> No, that is not the default. Any authenticatable certificate with a matching ID to it is accepted (Unless it's revoked via CRLs or OCSP).
>> In your case, just set leftca to the DN of your root CA certificate, and rightca to that, too or to %same.
> I got that from the documentation. I would like to make %same
> work without specifying any DN in ipsec.conf. Specifying the
> leftcert for a connection should be sufficient for Strongswan
> to find the root certificate and its DN.
> I am still hoping that this approach is reasonable.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Users