Working with the CA of the example on this page[1]
certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" \
-k rsa -g 4096 -v 12 -d sql:${HOME}/tmpdb -t "CT,," -2
certs xxx.example.com are accepted however aaa.bbbb.example.com seem to be
reject.
This is not really logged, is it possible to have this logged?
in ipsec.conf
right=%any
rightid=%fromcert
rightca="Example CA"
rightxauthclient=yes
test2:/etc/ipsec.d# certutil -L -d sql:/var/lib/ipsec/nss
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
ZeroSSL ECC Domain Secure Site CA - The USERTRUST Network CT,,
USERTrust ECC Certification Authority - Comodo CA Limited CT,,
Example CA CTu,u,u
[1]
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
