[Swan] subdomain certs not accepted

Marc Marc at f1-outsourcing.eu
Tue Jan 16 20:51:14 EET 2024


Working with the CA from the example on this page [1]:

certutil -S -x -n "Example CA" -s "O=Example,CN=Example CA" \
 -k rsa -g 4096 -v 12 -d sql:${HOME}/tmpdb -t "CT,," -2

Certs for xxx.example.com are accepted; however, aaa.bbbb.example.com seems to be rejected.

This is not really logged; is it possible to have this logged?


In ipsec.conf:

     right=%any
     rightid=%fromcert
     rightca="Example CA"
     rightxauthclient=yes

test2:/etc/ipsec.d# certutil -L -d sql:/var/lib/ipsec/nss
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
ZeroSSL ECC Domain Secure Site CA - The USERTRUST Network    CT,,
USERTrust ECC Certification Authority - Comodo CA Limited    CT,,
Example CA                                                   CTu,u,u

[1]
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2