Feature #1253
Strongswan doesn't support CA bundles
Description
It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.
If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.
Is it possible to support cert bundles for strongswan?
History
#1 Updated by Tobias Brunner about 5 years ago
- Status changed from New to Feedback
It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.
Is it possible to support cert bundles for strongswan?
There are currently no plans to add support for this.