[Swan] how/where to configure list of 'valid' certs

Marc Marc at f1-outsourcing.eu
Sun Jan 14 17:14:55 EET 2024



strangely this:

rightid="O=Example,CN=android13client.example.com"
 and 
rightid="CN=android13client.example.com"

allows access, however

rightid="CN=*.example.com"

does not (on android strongswan client)

But this does not really solve my problem. When I issue certs for client1.example.com, client2.example.com, client3.example.com, matching against *.example.com is ok. Until I no longer want client2.example.com to have access.
Or is there some sort of certificate revoke file I can configure somewhere?


> 
> You use rightid= and match using x509 wildcards. Eg place those you want to
> connect in the same Organizational Unit OU=foo and match the variable part
> with *, eg CN=*
> 
> Sent using a virtual keyboard on a phone
> 
> > On Jan 14, 2024, at 08:30, Marc <Marc at f1-outsourcing.eu> wrote:
> >
> > 
> > Currently I am using
> > rightca="Example CA"
> >
> > I would expand this with only a list of certificates that is allowed to
> connect. How/where/what is best to do this? Can this list be documented in
> the secrets file?
> >
> >
> > _______________________________________________
> > Swan mailing list
> > Swan at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan
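As an added illustration (not code from the thread or from libreswan) of why the three rightid values above behaved differently: the script below models DN matching where `*` may only stand in for a whole attribute value, which is the rule I assume the client applied, and layers an explicit allowlist of peer DNs on top as one way to exclude a single client (client2) without touching the wildcard or the CA.

```python
# Added example, not libreswan's own matching code.
# Assumption: in an ID pattern, "*" matches an entire attribute value only;
# "CN=*.example.com" is therefore a literal string, not a wildcard.
# Simplification: no escaped commas or multi-valued RDNs are handled.

def parse_dn(dn: str) -> dict:
    """Parse 'O=Example,CN=host' into {ATTR: value}; RDN order is ignored."""
    parts = {}
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts[attr.strip().upper()] = value.strip()
    return parts


def id_matches(pattern: str, subject: str) -> bool:
    """True if every RDN in the pattern is present in the subject with the
    same value, or the pattern value is exactly "*" (whole-value wildcard)."""
    pat, sub = parse_dn(pattern), parse_dn(subject)
    for attr, want in pat.items():
        got = sub.get(attr)
        if got is None:
            return False
        if want != "*" and want != got:
            return False
    return True


def peer_allowed(subject: str, pattern: str, allowlist: set) -> bool:
    """Combined policy: the peer must match the configured ID pattern and,
    when an allowlist is configured, its DN must also be listed explicitly.
    Allowlist entries are compared as parsed DNs, so RDN order does not matter."""
    if not id_matches(pattern, subject):
        return False
    if not allowlist:
        return True
    sub = parse_dn(subject)
    return any(parse_dn(entry) == sub for entry in allowlist)


if __name__ == "__main__":
    # Constructed sample policy: wildcard CN under O=Example, client2 not listed.
    allowed = {"O=Example,CN=client1.example.com", "O=Example,CN=client3.example.com"}
    for cn in ("client1", "client2", "client3"):
        dn = f"O=Example,CN={cn}.example.com"
        print(dn, "->", peer_allowed(dn, "O=Example,CN=*", allowed))
```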