> Am using load tester plugin. I need to check the end entity certificate > contents (on demand certificate). So need the on demand certificate in .pem > format.
You may try to use "ipsec listcerts" to list any certs in the cache, then use "ipsec stroke exportx509 <DN>" to print a certificate for a Distinguished Name. Newer releases also support "ipsec stroke exportconncert <conn>" and "ipsec stroke exportconnchain <conn>" to export a certificate/chain for a specific established connection. > // Before peer_key->destroy(peer_key); i added the below 3 lines. > > this->ca->get_encoding(this->ca, CERT_PEM, &test_enc); > chunk_write(test_enc, ChunkDumpPath, "pem", 022, TRUE); > chunk_free(&test_enc); this->ca as it says is the CA certificate. If you want the end entity certificate, try the generated peer_cert. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
