[Swan] IPSec tunnel with different intermediate CA certs
Paul Wouters
paul at nohats.ca
Fri Nov 3 11:48:56 EET 2023
On Fri, 3 Nov 2023, Gayathri Manoj wrote:
> Please let me know if the below configuration works for an ipsec connection which is implemented through libreswan
> package.
>
> -> Certificate based ipsec configuration.
> -> NodeA is configured with root CA signed certificate
> -> NodeB cert is signed by Intermediate CA1 (Intermediate CA should in turn be signed by same root CA as above)
> -> NodeC cert is signed by the intermediate CA2 (Intermediate CA should in turn be signed by same root CA as above)
>
> Please let me know if it is possible to establish an ipsec connection between nodeA and nodeB, and also between NodeB and
> nodeC
Yes. If you properly create PKCS#12 with the bundle containing the
intermediate as well and import that using "ipsec import file.p12".
You might need to use sendca=issuer or sendca=all
Paul
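
The bundling step described in the reply, as an added example that is not part of the original post: it builds a throwaway root, Intermediate CA1 and NodeB certificate with openssl, packs NodeB's key and certificate together with the intermediate into a PKCS#12 file, and checks that NodeB only verifies against the root when the intermediate is available. All subject names, file names, the helper functions and the password "demo" are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: throwaway root -> intermediate CA1 -> NodeB.
# Subject names, file names and the password "demo" are assumptions.
set -eu

issue() {  # $1=name  $2=CN  $3=issuer name  $4=extension section in ext.cnf
  openssl req -new -config ext.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" &&
  openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
    -extfile ext.cnf -extensions "$4" -days 1 -out "$1.crt"
}

# Builds the chain in directory $1 and writes nodeB.p12; openssl output goes to
# build.log. "-certfile ca1.crt" is what places the intermediate in the bundle.
make_bundle() {
  ( cd "$1" &&
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=unused' \
      '[ca]' 'basicConstraints=critical,CA:TRUE' \
      '[ee]' 'basicConstraints=CA:FALSE' > ext.cnf &&
    openssl req -x509 -config ext.cnf -extensions ca -newkey rsa:2048 -nodes \
      -keyout root.key -out root.crt -subj "/CN=Demo Root CA" -days 1 &&
    issue ca1 "Demo Intermediate CA1" root ca &&
    issue nodeB "nodeB.example.test" ca1 ee &&
    openssl pkcs12 -export -inkey nodeB.key -in nodeB.crt -certfile ca1.crt \
      -name nodeB -passout pass:demo -out nodeB.p12
  ) > "$1/build.log" 2>&1
}

# Number of certificates carried in the PKCS#12 file $1.
bundle_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin pass:demo 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Verify NodeB against the root in directory $1; extra args go to openssl verify.
verify_node() {
  d=$1; shift
  openssl verify -CAfile "$d/root.crt" "$@" "$d/nodeB.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
make_bundle "$work"
echo "certificates in nodeB.p12: $(bundle_cert_count "$work/nodeB.p12")"
verify_node "$work" -untrusted "$work/ca1.crt" && echo "chain OK with intermediate"
verify_node "$work" || echo "chain fails when the intermediate is missing"
# On the libreswan host the bundle is then loaded with: ipsec import nodeB.p12
```

The failing second check is the situation sendca=issuer or sendca=all addresses: a peer that holds only the root needs to be sent the intermediate to build the chain.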