Hi,

> I have copied the End Entity certificate and key; but I have not copied
> the CA certificate.

It looks like you are using the same certificate and key for the two peers. Is this correct?

> I was expecting the connection to fail, as authentication should fail
> in this case.

> leftcert="/etc/ipsec/certs/ipsec.d//certs/defaultCertificate.pem"

If you define a left/rightcert in your configuration, this explicitly loaded certificate is marked as "trusted":

> 14[CFG] no issuer certificate found for "C=FI, ST=testee, L=testee, O=ABC,
> OU=testee, CN=example ee certificate"
> 14[CFG] using trusted certificate "C=FI, ST=testee, L=testee, O=ABC,
> OU=testee, CN=example ee certificate"

Since you're using the same certificate on both ends, we have a locally valid and trusted certificate to verify the signature. No need to validate the trustchain using the CA.

If you run a CA and want to validate the certificates, please consider using distinct certificates for each peer.

Regards
Martin
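
The contrast described in this reply, as an added ipsec.conf sketch for one peer (not part of the original message and not the poster's configuration). The connection names, `peerA.pem`, the peer address, `rightid` and the CA DN are placeholders assumed for illustration.

```conf
# Constructed example for peer A; all names and DNs below are placeholders.
#
# Before: the same end-entity certificate and key are installed on both peers.
# The certificate is loaded locally through leftcert, so it is already marked
# as trusted when the peer presents it, and no CA certificate is consulted.
conn shared-cert
    keyexchange=ikev2
    leftcert=defaultCertificate.pem
    right=<peer-B-address>
    auto=add
#
# After: each peer has its own certificate and key. Peer B's certificate is not
# loaded here (no rightcert), so it arrives in the IKE exchange and has to
# chain to a CA certificate in the cacerts directory under ipsec.d.
# rightca additionally requires that CA to lie in the peer's trust path.
conn per-peer-cert
    keyexchange=ikev2
    leftcert=peerA.pem
    right=<peer-B-address>
    rightid="<peer B subject DN>"
    rightca="<CA subject DN>"
    auto=add
```

With the second connection, removing the CA certificate from the cacerts directory makes authentication fail, which is the behaviour the original poster expected.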
