Feature #1253

Strongswan doesn't support CA bundles

Added by Anon Ymous almost 5 years ago. Updated almost 5 years ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 06.01.2016
Due date:
Estimated time:
Resolution:

Description

It looks like strongswan doesn't support CA bundle PEMs (i.e. multiple root and intermediate certs in a single PEM file).
Bundles have to be split into individual certs for strongswan to validate the chain.

If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.

Is it possible to support cert bundles for strongswan?

History

#1 Updated by Tobias Brunner almost 5 years ago

  • Status changed from New to Feedback

> It looks like strongswan doesn't support CA bundle PEMs (i.e. multiple root and intermediate certs in a single PEM file).
> Bundles have to be split into individual certs for strongswan to validate the chain.
>
> If a bundle is put into /ipsec.d/cacerts/, strongswan will only read the first cert into its CA list.
>
> Is it possible to support cert bundles for strongswan?

There are currently no plans to add support for this.
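
The workaround the report describes, splitting a bundle into one file per certificate, shown as an added example that is not part of the ticket or of strongSwan. The function names, the output file-name pattern and the sample bundle are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not strongSwan code: write each certificate of a PEM
# bundle to its own file, so a loader that reads one cert per file sees all.
# Prints the number of certificates written; text outside PEM blocks is dropped.
split_ca_bundle() {
    bundle=$1 outdir=$2 prefix=${3:-ca}
    [ -r "$bundle" ] || { echo "cannot read: $bundle" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" -v prefix="$prefix" '
        { sub(/\r$/, "") }                        # tolerate CRLF bundles
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) { bad = 1; exit }         # BEGIN inside an open block
            n++; inside = 1
            out = sprintf("%s/%s-%02d.pem", dir, prefix, n)
        }
        inside { print > out }
        /^-----END CERTIFICATE-----$/ { if (inside) close(out); inside = 0 }
        END {
            if (bad || inside) exit 1             # truncated or malformed bundle
            print n + 0
        }
    ' "$bundle"
}

# Constructed sample: three placeholder blocks (not real certificates).
make_sample_bundle() {
    for name in root intermediate1 intermediate2; do
        printf '# subject: %s (constructed)\n' "$name"
        printf '%s\n' '-----BEGIN CERTIFICATE-----' \
            "PLACEHOLDER${name}" '-----END CERTIFICATE-----'
    done > "$1"
}

# Demo on the constructed bundle, in a temporary directory.
demo_dir=$(mktemp -d)
make_sample_bundle "$demo_dir/bundle.pem"
split_ca_bundle "$demo_dir/bundle.pem" "$demo_dir/cacerts" demo
ls "$demo_dir/cacerts"
```

Pass the cacerts directory as the second argument to write the split files where the ticket says strongswan reads its CA list. A non-zero exit status means the bundle was truncated or malformed and the output should not be used.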
