strongSwan

h1. ca <name>

_also = <section name>_

p((. includes ca section <name>.

_auto = *ignore* | add_

_cacert = <path>_

p((. defines a path to the CA certificate either relative to _/etc/ipsec.d/cacerts_ or as an absolute path.

_crluri = <uri>_

p((. defines a CRL distribution point (ldap, http, or file URI).

_crluri1_ _crluri1 = <uri>_

p((. synonym for _crluri_.

_crluri2 = <uri>_

p((. defines an alternative CRL distribution point (ldap, http, or file URI).

_ldaphost = <hostname>_

p((. defines an ldap host. Currently used by IKEv1 only.

_ocspuri = <uri>_

p((. defines an OCSP URI.

_ocspuri1_ _ocspuri1 = <uri>_

p((. synonym for _ocspuri_.

_ocspuri2 = <uri>_

p((. defines an alternative OCSP URI. Currently used by IKEv2 only.

_certuribase = <uri>_

p((. defines the base URI for the [[HashAndUrl|Hash and URL]] feature supported by IKEv2.
Instead of exchanging complete certificates, IKEv2 allows to send an URI
that resolves to the DER encoded certificate. The certificate URIs are built
by appending the SHA1 hash of the DER encoded certificates to this base URI.