List: strongswan-users
Subject: Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert
From: "Modster, Anthony" <Anthony.Modster () Teledyne ! com>
Date: 2018-11-29 17:25:11
Message-ID: F03BEFDFC2B8F7489DE861AE1958D3BAA2E80069 () ENT-PPMSG-MBX01 ! TDY ! Teledyne ! com
Thanks
-----Original Message-----
From: Tobias Brunner <tobias@strongswan.org>
Sent: Thursday, November 29, 2018 5:12 AM
To: Modster, Anthony <Anthony.Modster@Teledyne.com>; users@lists.strongswan.org
Cc: Wong, Richard <Richard.Wong@Teledyne.com>
Subject: Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert
Hi Anthony,
> ? can VICI be configured to load a specific SCA cert per VPN (would
> this help)
That doesn't make a difference. As mentioned, only the identity is relevant on the
client. So unless you can get the server to send a TLS certificate request only for
a specific intermediate CA you can't control the client's certificate selection if
you use the same identity for both end-entity certificates. Similarly, on the server
side, where strongSwan sends TLS certificate requests for all available CA
certificates (i.e. like the certs option, the cacerts option is only relevant for
IKE, not for EAP-TLS).
Regards,
Tobias