[strongSwan] NetworkManager-strongswan-gnome IKEv2 configuration question.

Tobias Brunner tobias at strongswan.org
Thu Jan 17 15:03:12 CET 2019

Hi Josh,

> Question: why do I need to explicitly extract letsencrypt parent
> Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
> certificate from /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 
> (found after # DST Root CA X3) and load into configuration dialog?

strongSwan only extracts the first certificate from a file.  So if you
don't have a directory on your system with individual CA certificates
you have to do that manually.  The path used by the NM backend if no CA
certificate is configured explicitly is configurable via the configure
script (--with-nm-ca-dir) and config (charon-nm.ca_dir) and defaults to
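
Added example, not part of the original message or of strongSwan: because only the first certificate in a file is read, this sketch copies one CA out of a multi-certificate bundle into a file of its own. It assumes the bundle puts a `# <name>` comment line before each certificate, as the question describes; the function names are hypothetical and the sample bundle is constructed with placeholder bodies, not real certificates.

```shell
#!/bin/sh
# extract_ca_by_label BUNDLE LABEL OUT
# Write the first PEM block that follows the comment line "# LABEL" in BUNDLE
# to OUT. Returns non-zero (and leaves no OUT file) if nothing was found.
extract_ca_by_label() {
    bundle=$1 label=$2 out=$3
    awk -v want="# $label" '
        $0 == want                               { armed = 1; next }
        armed && /^-----BEGIN CERTIFICATE-----$/ { copying = 1 }
        copying                                  { print }
        copying && /^-----END CERTIFICATE-----$/ { found = 1; exit }
        END                                      { exit(found ? 0 : 1) }
    ' "$bundle" > "$out" || { rm -f "$out"; return 1; }
}

# count_certs FILE: number of certificates in FILE. A file meant to be loaded
# as a single CA should report exactly 1.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}

# make_sample_bundle FILE: constructed stand-in for a system CA bundle.
make_sample_bundle() {
    cat > "$1" <<'EOF'
# Example Root A
-----BEGIN CERTIFICATE-----
CONSTRUCTEDBODYA
-----END CERTIFICATE-----
# DST Root CA X3
-----BEGIN CERTIFICATE-----
CONSTRUCTEDBODYB
-----END CERTIFICATE-----
# Example Root C
-----BEGIN CERTIFICATE-----
CONSTRUCTEDBODYC
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed bundle; on a real system BUNDLE would be the file
# named in the question.
tmp=$(mktemp -d)
make_sample_bundle "$tmp/bundle.pem"
extract_ca_by_label "$tmp/bundle.pem" "DST Root CA X3" "$tmp/dst-root-ca-x3.pem" &&
    echo "bundle: $(count_certs "$tmp/bundle.pem") certs, extracted: $(count_certs "$tmp/dst-root-ca-x3.pem")"
rm -rf "$tmp"
```

Before trusting a file extracted from a real bundle, check its subject and fingerprint against the CA's published values.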


