[strongSwan] does Chinese ascii characters accepted in 'Subject' of certificates by strongswan

Tobias Brunner tobias at strongswan.org
Wed Feb 13 09:45:26 CET 2019

Hi Yogesh,

> Is Chinese Ascii characters allowed in subject of certificates used in
> authentication while negotiating the ipsec tunnel in ikev2 ?

I'd disagree that these are ASCII characters, but sure you can use
UTF8String as type for the RDNs in the subject DN.

> So can I configure this certificate in peer side and add the string in
> 'rightid' in ipsec.conf on my local machine.

That might or might not work, may depend on the encoding of ipsec.conf.
 But you can configure the binary subject DN in `rightid` (i.e.
rightid="asn1dn:#30...").  Use the `pki --dn` command to extract it from
the certificate in that format.


More information about the Users mailing list