[Swan] Question/troubleshooting x509 w/ intermediate & root CA

Paul Wouters paul at nohats.ca
Fri Sep 23 16:26:49 UTC 2016

On Fri, 23 Sep 2016, Bryan Harris wrote:

> And I notice when I go back to my old certs that were working, I can see the RSA public key in the ipsec auto --listall output.  I
> wonder, if anyone knows, why does the cert not come across the line when I'm using the new configuration?  If I look at the logs, I
> see that it doesn't work, but I don't understand why.

you can try running with plutodebug=x509 enabled
(or run ipsec whack --debug-x509 before trying to
bring up the connection)


More information about the Swan mailing list