Hi Mike,
> Is the ca section of the ipsec.conf used only for ca-certificates or also for
> the leftcert itself?
> If so, what is the element cacert referring to?
man ipsec.conf or [1]?
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/CaSection
Hi Mike,
> What certificate is referenced by the cacert entry, the "leftcert ca" or the
> "leftcert root ca" ?
> Have all certificates in the certificate chain to be accessible from the
> certuribase?
Similar to CRL URIs, the configured base URI is only used for
certificates that are immediate
Hi Mike,
> gateway ipsec.conf:
>
> ca %default
> certuribase=http://hashandurl.my-server.de/
> auto=add
If that's the only ca section in your config this won't work. The
%default section is never loaded itself it only provides defaults for
other sections of the same type. Also, defining a
Hi!
We have confirued a strongswan roadwarrior client and a strongswan gateway to
use Hash_and_Url.
We found that the gateway is always sending its certificate instead of sending
the hash-link to its certificate, but the roadwarrior does.
Unfortunally I can't find such an behavior in the user-m