[Swan] Guidance for "complex multi CA certificate situations"
Nels Lindquist
nlindq at maei.ca
Fri Aug 18 21:45:37 EEST 2023
Hi, all.
While we transition from certificates signed by our expiring internal
CA, I'd like to be able to use client certificates signed by either the
old or new CA for VPN access.
The manpage is a little sparse on details; the only reference is under
leftca referring to possible counterexamples to using rightca=%same.
So... can leftca/rightca take multiple values? Can there be multiple
parallel connection definitions with different certificates/CAs for the
same functionality? Or something else entirely?
Thanks!
--
Nels Lindquist
nlindq at maei.ca
More information about the Swan
mailing list