On Thu, 12 Oct 2023, Mayur Nakade wrote:
certificate contains no subjectAltName extension
"mytunnel" #8: certificate
does not contain subjectAltName=hostB.cert.com
Note: SAN cnf is created and added in host certificates(verified by checking
certificate
content). Theres no other error as till 4th main message IKE was going
good(verified from pluto log
and wireshark). So after that seek help here to understand issue that why IKE
is not successful?
Does above issue is causing it?
Can you show the output of: openssl x509 -in file.cert -noout -text
It does strongly suggest you do not have a subjectAltName extension, and
trusting CN= is no longer considered secure.
Paul
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
