[strongSwan] strongswan is asking private key for the root CA

Old Kid oldkid at gmx.com
Sat Jul 13 04:02:04 CEST 2019


On Saturday, 13 July 2019 01:50:06 CST, Noel Kuntze wrote:
> Hello,
>
> From the FAQ[1]:
>
> *Q:* /Can strongSwan read chain files (a leaf certificate and 
> the CAs that are required to authenticate it)?/
>
> *A:* No, strongswan does not support chain files. Every 
> certificate needs to be provided in a single file, given it is 
> not loaded by a user provided application that uses the VICI 
> <https://wiki.strongswan.org/projects/strongswan/wiki/VICI> API.
>
>
> Thus, split up the certificates into separate files. I suspect 
> you put the root CA's certificate in first and then appended the 
> other certificates.
> Then strongSwan would find its cert first in the file and try it.
>
> Kind regards
>
> Noel
>
> [1] 
> https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#X509-Certificate-chain-files
>
> On 12.07.19 at 12:39, Old Kid wrote:
>> Hi all,
>> I basically copied/pasted DigitalOcean's strongswan 
>> configuration for ubuntu 18.04. I run strongswan on debian 9 
>> myself. It's 5.7 version and still uses
>> ipsec.conf:
>> 
>> config setup
>>    charondebug="ike 1, knl 1, cfg 0" ...
>

Thanks a lot. I split the CA bundle file sent from Comodo into separate
files in /etc/ipsec.d/cacerts and it worked.
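
The bundle split described in this thread, as an added example that is not part of the original messages: a shell function that writes each certificate of a PEM bundle to its own file. The sample bundle is constructed with placeholder contents, and the bundle filename and prefix in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# split_bundle BUNDLE OUTDIR [PREFIX]
# Writes every CERTIFICATE block in BUNDLE to OUTDIR/PREFIX-NN.pem and
# prints the number of files written. Anything outside a CERTIFICATE
# block (subject= lines, private keys, blank lines) is skipped.
split_bundle() {
    bundle=$1; outdir=$2; prefix=${3:-ca}
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" -v pfx="$prefix" '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            n++; out = sprintf("%s/%s-%02d.pem", dir, pfx, n); inblk = 1
        }
        inblk { print > out }
        /^-----END CERTIFICATE-----$/ {
            if (inblk) close(out)
            inblk = 0
        }
        END {
            if (inblk) print "warning: unterminated block in " out > "/dev/stderr"
            print n + 0
        }
    ' "$bundle"
}

# Constructed sample input: the base64 bodies are placeholders, not real
# certificates or keys. They only exercise the block boundaries.
make_sample_bundle() {
    cat > "$1" <<'EOF'
subject=CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgMQ==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgS0VZ
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgMg==
-----END CERTIFICATE-----
EOF
}

# Usage (hypothetical bundle name and prefix):
#   split_bundle comodo-bundle.crt /etc/ipsec.d/cacerts comodo
```

Each output file can be checked with `openssl x509 -noout -subject -issuer -in FILE` before strongSwan is told to reload its CA certificates.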

