Hi John, > rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa" > > I've changed values of fields in righid, but rightca is taken from real > config without modification.
The CA constraint internally uses certificates to match against the trust chain. So you can't set `rightca` to an arbitrary DN. There must exist a CA certificate locally that has the configured subject DN. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
