[Swan] Certificate/ID validation requirements

Paul Wouters paul at nohats.ca
Sat Sep 2 00:40:34 EEST 2023


On Sep 1, 2023, at 14:53, Nels Lindquist <nlindq at maei.ca> wrote:
> 
> I noted in a previous email thread that newer versions do more stringent certificate validating; the endpoint which is failing is version 4.7. Clients are Windows, btw.

Windows checks its own certificate chain validity and if not valid won’t use the certificate. Apple products just use their end certificate and as long as they can validate the server cert, they don’t care about the client cert not having a valid path.

> Is what I'm trying to do even possible with later versions? What attributes of the CA certificate are being used to validate the chain?

Not with Windows, they need a new valid PKCS12 certificate bundle.

Note for the server you can use a Let's Encrypt certificate and it will validate for the clients. You don’t have to have the same CA for both ends.

Paul
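
A pre-deployment check for the point made in the reply above, added here as an example and not part of the original message or of the Libreswan project: it tests whether the end certificate in a PKCS12 bundle verifies against the CA certificate(s) shipped in that same bundle. It assumes the openssl command-line tool; the function names, password, file names and certificates are all constructed for the demo, and checking against the bundle's own CA only approximates what a Windows client does with its certificate store.

```shell
#!/bin/sh
# Added example (constructed data): does a PKCS#12 bundle carry the CA that
# actually issued its end certificate? Needs the openssl CLI.

# check_p12 BUNDLE PASSWORD: returns 0 only if the end certificate verifies
# against the CA certificate(s) shipped in the same bundle.
check_p12() {
    cp_tmp=$(mktemp -d) || return 2
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
        -out "$cp_tmp/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts \
        -out "$cp_tmp/ca.pem" 2>/dev/null &&
    [ -s "$cp_tmp/ca.pem" ] &&
    openssl verify -no-CApath -CAfile "$cp_tmp/ca.pem" \
        "$cp_tmp/leaf.pem" >/dev/null 2>&1
    cp_rc=$?
    rm -rf "$cp_tmp"
    return $cp_rc
}

# make_demo DIR: throwaway CA, a second CA with the same name but a new key,
# one client certificate, and a bundle built with each CA.
make_demo() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Demo VPN CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1/demo.cnf"
    for ca in ca other; do
        openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
            -days 30 -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    openssl req -new -config "$1/demo.cnf" -subj "/CN=client1" -newkey rsa:2048 \
        -nodes -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/client.pem" 2>/dev/null
    for ca in ca other; do
        openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.pem" \
            -certfile "$1/$ca.pem" -passout pass:demo -out "$1/with-$ca.p12"
    done
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for b in with-ca with-other; do
    if check_p12 "$demo_dir/$b.p12" demo; then echo "$b.p12: chain OK"
    else echo "$b.p12: chain does not validate"; fi
done
rm -rf "$demo_dir"
```

The second bundle fails even though its CA certificate has the same subject name as the issuing CA, because the client certificate was signed by a different key.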

