Project

General

Profile

Feature #1253

Strongswan doesn't support CA bundles

Added by Anon Ymous over 6 years ago. Updated over 6 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
-
Start date:
06.01.2016
Due date:
Estimated time:
Resolution:

Description

It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.

If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.

Is it possible to support cert bundles for strongswan?

History

#1 Updated by Tobias Brunner over 6 years ago

  • Status changed from New to Feedback

It looks like strongswan doesn't support CA bundle PEMs (ie Multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.

If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.

Is it possible to support cert bundles for strongswan?

There are currently no plans to add support for this.

Also available in: Atom PDF