[strongSwan] NetworkManager-strongswan-gnome IKEv2 configuration question.
Josh
jvpn at use.startmail.com
Mon Jan 21 04:44:33 CET 2019
Hello Tobias,

Thanks for the explanation. The observed behavior creates severe
usability problems compared to all other desktop and mobile devices, which
don't require a custom certificate in this case.

All systems/devices I tried connecting to this server with successfully
found the DST Root certificate in the OS/device certificate storage.

Is there any reason strongSwan can't utilize Linux system default
certificates like curl, wget and possibly others do?

Regards,
Josh.

On 1/17/19 9:03 AM, Tobias Brunner wrote:
> Hi Josh,
>
>> Question: why do I need to explicitly extract letsencrypt parent
>>
>> Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
>>
>> certificate from /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>> (found after # DST Root CA X3) and load into configuration dialog?
> strongSwan only extracts the first certificate from a file. So if you
> don't have a directory on your system with individual CA certificates
> you have to do that manually. The path used by the NM backend if no CA
> certificate is configured explicitly, is configurable via configure
> script (--with-nm-ca-dir) and config (charon-nm.ca_dir) and defaults to
> /usr/share/ca-certificates.
>
> Regards,
> Tobias
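
Added example, not part of the thread and not strongSwan project code: since only the first certificate of each file is read, this script splits a PEM bundle such as the `tls-ca-bundle.pem` mentioned above into one file per certificate, giving a directory that `charon-nm.ca_dir` can point at. The output directory, the `ca-NNN.pem` file naming and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): split a multi-certificate PEM bundle
# into one file per certificate, for loaders that read only the first
# certificate in each file.

# split_pem_bundle BUNDLE OUTDIR
# Writes OUTDIR/ca-001.pem, ca-002.pem, ... and prints how many were written.
# Comment lines between certificates (e.g. "# DST Root CA X3") are dropped.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/ca-%03d.pem", dir, n)   # hypothetical naming
            inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ {
            if (inside) close(out)
            inside = 0
        }
        END { print n + 0 }
    ' "$bundle"
}

# Constructed sample bundle: placeholder bodies, not real certificates.
make_sample_bundle() {
    cat > "$1" <<'EOF'
# Constructed CA 1
-----BEGIN CERTIFICATE-----
CONSTRUCTEDFIRSTPLACEHOLDER
-----END CERTIFICATE-----

# Constructed CA 2
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSECONDPLACEHOLDER
-----END CERTIFICATE-----
EOF
}

# Usage: sh split.sh /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem DIR
if [ "$#" -eq 2 ]; then
    split_pem_bundle "$1" "$2"
fi
```

Every file in the resulting directory becomes a trust anchor for the VPN connection, so review which CAs you keep there rather than copying the whole system bundle by default.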