Working with the CA of the example on this page[1]

    certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" \
        -k rsa -g 4096 -v 12 -d sql:${HOME}/tmpdb -t "CT,," -2

Certs xxx.example.com are accepted, however aaa.bbbb.example.com seem to be rejected. This is not really logged. Is it possible to have this logged?

In ipsec.conf:

    right=%any
    rightid=%fromcert
    rightca="Example CA"
    rightxauthclient=yes

test2:/etc/ipsec.d# certutil -L -d sql:/var/lib/ipsec/nss

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ZeroSSL ECC Domain Secure Site CA - The USERTRUST Network    CT,,
USERTrust ECC Certification Authority - Comodo CA Limited    CT,,
Example CA                                                   CTu,u,u

[1] https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2