Hi Tobias, Thank you for your reply.
Rightca does not work either. If I use rightca, the authentication seems to fail always, even though the certificate hierarchy is correct. Rightca works when I dont use eap-tls. The constraint is correctly enforced. -sk On Wed, Feb 6, 2019 at 5:10 AM Tobias Brunner <tob...@strongswan.org> wrote: > Hi, > > > Is > > righhtca2 supposed to work with eap-tls and eap-identity connections? > > rightca2 is for a second authentication round. Which is not what > happens with EAP-TLS (unless you actually use it in a second round after > e.g. a regular pubkey authentication). So maybe try rightca instead. > > Regards, > Tobias >