Hi Tobias,
Thanks for pointing that out. I did put that in one of the subjectAltNames
fields in openssl.cnf
(I used openssl to generate the certificates), but it seems I didn't put it in
the right section. After
adding this to all sections available, the VPN runs fine. Thanks for your help!
Best Regards,
Tony
> Date: Tue, 28 Feb 2012 10:05:03 +0100
> From: tob...@strongswan.org
> To: tonyzh...@hotmail.com
> CC: 661...@bugs.debian.org
> Subject: Re: strongswan: Compatibility for Apple iOS devices
>
> Hi Tony,
>
> > I cannot use iOS to connect to my server using IKEv1, prompting
> > "could not validate server certificate" (I have installed both client
> > p12 and CA certificate on the iOS device).
>
> This is more likely related to missing subjectAltNames in the gateway
> certificate. You have to make sure the DNS name or IP address you
> configure on the iOS device is contained as subjectAltName in the
> gateway certificate.
>
> Regards,
> Tobias
