Hi Andreas/Tobias,

Please let me know if you need any further inputs.

Regards
Sajal

On Mon, May 31, 2010 at 7:50 PM, Sajal Malhotra <[email protected]> wrote:
> Hi
>
> This is regarding the update of CA certificates in the IKEv2 stack.
> We are facing an issue in the update of CA certificates while following
> the steps below:
>
> Step 1. Initially we have a configuration with 2 CA certificates mentioned
> in ipsec.conf as follows:
>
> ca cert1
>     cacert=/home/sajal/abc.pem
>     auto=add
>
> ca cert2
>     cacert=/home/sajal/xyz.pem
>     auto=add
>
> *Using this we were able to establish an SA with our peer, which also has a
> certificate signed by the above CA certificate.*
>
> Step 2. Now we set the date of the system (where the IKEv2 stack is running)
> to a *future date* with a value *beyond the expiry time* of the CA
> certificates.
>
> Step 3. After doing so, SA establishment with the peer fails, saying AUTH
> Failure.
>
> Step 4. Now I deleted the above 2 CA certificates by specifying a different
> CA certificate in ipsec.conf and issuing the "ipsec update" command:
>
> ca cert1
>     cacert=/home/sajal/ijk.pem
>     auto=add
>
> Step 5. Now I set the system date back to normal.
>
> Step 6. Now when we try to establish an SA with our peer, it is still
> successfully established. This is incorrect, as the certificate of the peer
> is signed by the *previous CA* certificate, which has been deleted in step 4
> above.
>
> Can you please let us know what the issue is here?
>
> Warm Regards
> Sajal
