Hi,

each endpoint loads its own certificate with

leftcert=defaultCertificate.pem

from a local file and has explicit trust in it even if the CA certificate is not present. Since the peer uses the identical defaultCertificate, trust is also put into the peer. You need a CA only if your peer has a certificate different from the defaultCertificate.

Regards

Andreas

On 18.06.2012 07:08, divya mohan wrote:
> Hi,
>
> I have set up an IPsec connection using certificates. I have copied
> the End Entity certificate and key; but I have not copied the CA
> certificate.
>
> I was expecting the connection to fail, as authentication should fail
> in this case. However, the connection seems to be working fine.
> I am attaching logs and ipsec.conf from Host1(initiator) and Host2(responder).
>
> Is this because of any issue in my configuration? Shouldn't
> authentication fail if issuer certificate is not found?
>
>
> Regards,
> Divya Mohan M

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
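The two setups described in the reply above, shown as ipsec.conf fragments for Host1. This is an added illustration, not configuration from the thread or from the strongSwan project: only `leftcert=defaultCertificate.pem` comes from the thread, while the connection names, addresses, identities and the `host1Cert.pem` / `host1Key.pem` file names are assumptions.

```conf
# /etc/ipsec.conf on Host1 (constructed example; use one conn or the other)

# Setup from the thread: Host1 and Host2 load the same certificate and key.
# The peer presents exactly the certificate that is already loaded locally,
# and a locally loaded certificate is trusted explicitly, so the missing CA
# certificate is never consulted and authentication succeeds.
# Side effect: the certificate cannot tell Host1 and Host2 apart.
conn shared-cert
    left=192.0.2.1                      # assumed address of Host1
    leftcert=defaultCertificate.pem     # same file on both hosts
    right=192.0.2.2                     # assumed address of Host2
    auto=add

# Setup in which the CA is required: every host has its own certificate.
# Host2's certificate is not present on Host1; it arrives during the IKE
# exchange and is accepted only if it chains to a CA certificate stored in
# /etc/ipsec.d/cacerts/. Without that CA certificate, authentication fails.
conn per-host-cert
    left=192.0.2.1
    leftcert=host1Cert.pem              # relative to /etc/ipsec.d/certs/
    leftid="C=CH, O=Example, CN=host1.example.org"
    right=192.0.2.2
    rightid="C=CH, O=Example, CN=host2.example.org"
    auto=add

# /etc/ipsec.secrets on Host1 for the second setup (key file name assumed):
#   : RSA host1Key.pem
```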
