[strongSwan] NetworkManager-strongswan-gnome IKEv2 configuration question.
Tobias Brunner
tobias at strongswan.org
Thu Jan 17 15:03:12 CET 2019
Hi Josh,
> Question: why do I need do explicitly extract letsencrypt parent
>
> Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
>
> certificate from /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> (found after # DST Root CA X3) and load into configuration dialog?
strongSwan only extracts the first certificate from a file. So if you
don't have a directory on your system with individual CA certificates
you have to do that manually. The path used by the NM backend if no CA
certificate is configured explicitly, is configurable via configure
script (--with-nm-ca-dir) and config (charon-nm.ca_dir) and defaults to
/usr/share/ca-certificates.
Regards,
Tobias
More information about the Users
mailing list