Hi Tobias, Thanks for help, now the rightca option works as expected. But what are reasons that this option only works in case right certificate is installed? Wouldn't be a safer solution if, in case of lack of certificate mentioned in rightca option authentiaction also failed?
Best regards, John 2016-11-25 14:46 GMT+01:00 John Brown <jb20141...@gmail.com>: > Hi Tobias, > I didn't notice this warning but I'm going to test not only this scenario > but also others, hoping that with your hints, I'll manage to set this up. > Thank you for your help! > > Regards, > John > > 2016-11-25 14:37 GMT+01:00 Tobias Brunner <tob...@strongswan.org>: > >> Hi John, >> >> > Did you mean that when using rightca, I should have locally installed >> > the certificate with DN the same as provided for rightca option >> > otherwise the option is igmored? >> >> Yep. You should actually see a warning in the log, saying something >> like "CA certificate "..." not found, discarding CA constraint". >> >> Regards, >> Tobias >> >> >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users