Hi folks, Question: How can I tell charon to send or request intermediate certificates to/from the peer?
Sample case would be a common root CA, one or two intermediate CAs, and a client certificate for each peer. Both are using strongswan. IMU charon has to trust the root CA to verify the whole chain up to the client certs. The root cert has to go to /etc/ipsec.d/cacerts, but the intermediate CAs could be provided by the peer. Are they? They don't show up in the log file (asn = 2). I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem would help, but apparently it doesn't. Every insightful comment is highly appreciated. Regards Harri