[strongSwan] strongswan is asking private key for the root CA
Old Kid
oldkid at gmx.com
Sat Jul 13 04:02:04 CEST 2019
On Saturday, 13 July 2019 01:50:06 CST, Noel Kuntze wrote:
> Hello,
>
> From the FAQ[1]:
>
> *Q:* /Can strongSwan read chain files (a leaf certificate and
> the CAs that are required to authenticate it)?/
>
> *A:* No, strongswan does not support chain files. Every
> certificate needs to be provided in a single file, given it is
> not loaded by a user provided application that uses the VICI
> <https://wiki.strongswan.org/projects/strongswan/wiki/VICI> API.
>
>
> Thus, split up the certificates into seperate files. I suspect
> you put the root CA's certificate in first and then appended the
> other certificates.
> Then strongSwan would find its cert first in the file and try it.
>
> Kind regards
>
> Noel
>
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#X509-Certificate-chain-files
>
> Am 12.07.19 um 12:39 schrieb Old Kid:
>> Hi all,
>> I basically copied/pasted DigitalOcean's strongswan
>> configuration for ubuntu 18.04. I run strongswan on debian 9
>> myself. It's 5.7 version and still uses
>> ipsec.conf:
>>
>> config setup
>> charondebug="ike 1, knl 1, cfg 0" ...
>
Thanks a lot. I splitted the ca bundle file sent from Comodo into separate
files in /etc/ipsec.d/cacerts and it worked.
More information about the Users
mailing list