Hi Tobias, Thank you for your answer. But I'm not sure I've understood you well. Did you mean that when using rightca, I should have locally installed the certificate with DN the same as provided for rightca option otherwise the option is igmored?
Regards, John 2016-11-25 9:46 GMT+01:00 Tobias Brunner <[email protected]>: > Hi John, > > > rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa" > > > > I've changed values of fields in righid, but rightca is taken from real > > config without modification. > > The CA constraint internally uses certificates to match against the > trust chain. So you can't set `rightca` to an arbitrary DN. There must > exist a CA certificate locally that has the configured subject DN. > > Regards, > Tobias > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
