Hi Hans,

> I added multiple certificates OU=<groupname> to the cert store, hoping
> that Windows would ask me which one to use, with no luck.

I assume you are using Machine Certificates to authenticate the clients? I'm not aware of a way to enforce a specific certificate in IKE authentication.

What you might try is to switch from Machine Certificates to EAP-TLS authentication (in IKEv2). Microsoft uses EAP-TLS to authenticate users (not the Machine) with certificates or Smartcards. When selecting "Smart Card or certificate" as EAP method, you can even (un-)set a "Use simple certificate selection" flag that sounds promising.

Please be aware that certificates and keys have to go in the user certificate store for EAP-TLS, and that you have to ./configure strongSwan with --enable-eap-tls and set rightauth=eap-tls, see [1] for details.

Regards
Martin

[1] http://wiki.strongswan.org/projects/strongswan/wiki/EapTls
