strongSwan Notes

Some tips for strongSwan.

  1. Workaround for CRL retrieval timeout
    In /etc/strongswan/strongswan.conf, append the following line after load_modular = yes
  2. Deal with ca-bundle or intermediate certificates
    In short, you should extract each of these certificates as one per file.
    Take the following issuer chain as an example:
    An example issuer chain
    The intermediate certificates to be extracted are COMODORSADomainValidationSecureServerCA.pem and COMODORSACertificationAuthority.pem (bottom-up).

    Then, put these files to ../ipsec.d/aacerts/ and restart the daemon.

    Finally, the loaded certificates can be checked by ipsec listcacerts.

  3. To be continued…


Oct 14, 2017 @ 21:15

Leave a Reply

Your email address will not be published. Required fields are marked *

Please calculate * Time limit is exhausted. Please reload CAPTCHA.