Hi Sajal,

> Why SA negotiation is failing between Strongswan and Juniper. Juniper
> had already shared its Issuer Certificate(SubCA2) in IKE_INIT Message.

No, what it sends in the CERTREQ payload during IKE_SA_INIT is a certificate request for certificates issued by SubCA2. This payload contains a SHA-1 hash of the issuer certificate's public key, not the certificate. The intermediate CA certificate should be sent as CERT payload during the IKE_AUTH exchange.

Regards,
Tobias

_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
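The CERTREQ layout described in the reply above, as an added example that is not part of the original message and is not strongSwan code: it parses a CERTREQ payload (RFC 7296 section 3.7) and checks whether a given CA's public key hash is among those requested. All function names are hypothetical, and the key bytes and the payload are constructed sample data.

```python
import hashlib
import struct

CERT_ENCODING_X509_SIGNATURE = 4  # "X.509 Certificate - Signature" (RFC 7296, 3.6)
SHA1_LEN = 20

def spki_sha1(spki_der: bytes) -> bytes:
    """SHA-1 over the DER SubjectPublicKeyInfo of a CA certificate."""
    return hashlib.sha1(spki_der).digest()

def parse_certreq(payload: bytes):
    """Parse one CERTREQ payload, generic payload header included.

    Returns (cert_encoding, [20-byte CA public key hashes]).
    """
    if len(payload) < 5:
        raise ValueError("truncated CERTREQ payload")
    _next_payload, _flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("payload length field does not match the data")
    encoding, ca_data = payload[4], payload[5:]
    if len(ca_data) % SHA1_LEN:
        raise ValueError("CA field is not a whole number of SHA-1 hashes")
    return encoding, [ca_data[i:i + SHA1_LEN]
                      for i in range(0, len(ca_data), SHA1_LEN)]

def peer_requests_ca(payload: bytes, spki_der: bytes) -> bool:
    """True if the CERTREQ asks for certificates issued by this CA key."""
    encoding, hashes = parse_certreq(payload)
    return (encoding == CERT_ENCODING_X509_SIGNATURE
            and spki_sha1(spki_der) in hashes)

def build_certreq(spkis) -> bytes:
    """Build a CERTREQ payload for the sample data below."""
    body = bytes([CERT_ENCODING_X509_SIGNATURE])
    body += b"".join(spki_sha1(s) for s in spkis)
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

# Constructed sample data: Ed25519 SPKI header followed by made-up key bytes.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
SUBCA2_SPKI = ED25519_SPKI_PREFIX + bytes(range(32))      # stands in for SubCA2
OTHER_SPKI = ED25519_SPKI_PREFIX + bytes(range(32, 64))   # some unrelated CA
SAMPLE_CERTREQ = build_certreq([SUBCA2_SPKI])

if __name__ == "__main__":
    # The payload carries 20 bytes per trusted CA, never the certificate itself.
    print(len(SAMPLE_CERTREQ), peer_requests_ca(SAMPLE_CERTREQ, SUBCA2_SPKI))
```

A match only tells the receiver which CA the peer trusts; the peer still needs the intermediate certificate itself, which arrives in a CERT payload during IKE_AUTH.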
