Feature #1253: Strongswan doesn't support CA bundles - strongSwan

Feature #1253

Strongswan doesn't support CA bundles

Added by Anon Ymous almost 5 years ago. Updated almost 5 years ago.

Status:

Feedback

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

06.01.2016

Due date:

Estimated time:

Resolution:

Description

It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.

If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.

Is it possible to support cert bundles for strongswan?

History

#1 Updated by Tobias Brunner almost 5 years ago

Status changed from New to Feedback

It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.

If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.

Is it possible to support cert bundles for strongswan?

There are currently no plans to add support for this.

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues

Feature #1253

Strongswan doesn't support CA bundles

History

#1 Updated by Tobias Brunner almost 5 years ago