[strongSwan] Moving StrongSwan server from self signed to Let's Encrypt
Tobias Brunner
tobias at strongswan.org
Thu Aug 27 13:29:32 CEST 2020
Hi Michael,
> Is there anything needed on the Android client side to recognize Let's
> Encrypt?
No.
> The StrongSwan App lists DST_Root_CA_X3, but I don't see the
> LE cert. Is it needed?
On the server, you need the intermediate CA cert (if you used certbot,
it's contained in chain.pem so just reference that) and have to make
sure that it is sent to the clients (in case they don't send certificate
requests, i.e. configure leftsendcert=always).
Regards,
Tobias
More information about the Users
mailing list