Hi folks,

Question: How can I tell charon to send or request intermediate
certificates to/from the peer?

Sample case would be a common root CA, one or two intermediate CAs,
and a client certificate for each peer. Both are using strongswan.

IMU charon has to trust the root CA to verify the whole chain up to
the client certs. The root cert has to go to /etc/ipsec.d/cacerts,
but the intermediate CAs could be provided by the peer. Are they?
They don't show up in the log file (asn = 2).

I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
would help, but apparently it doesn't.

Every insightful comment is highly appreciated.


Reply via email to