Hi Yogesh, > Is Chinese Ascii characters allowed in subject of certificates used in > authentication while negotiating the ipsec tunnel in ikev2 ?
I'd disagree that these are ASCII characters, but sure you can use UTF8String as type for the RDNs in the subject DN. > So can I configure this certificate in peer side and add the string in > 'rightid' in ipsec.conf on my local machine. That might or might not work, may depend on the encoding of ipsec.conf. But you can configure the binary subject DN in `rightid` (i.e. rightid="asn1dn:#30..."). Use the `pki --dn` command to extract it from the certificate in that format. Regards, Tobias
