6.1 Loading private key files in PKCS#1 format
6.2 Entering passphrases interactively
6.3 Multiple private keys
- 7. Configuring CA properties - ipsec.\ 1onf
+ 7. Configuring CA properties - ipsec.conf
8. Smartcard support
8.1 Configuring a smartcard-based connection
8.2 Entering the PIN code
part of the certificate request message when strongSwan is the initiator.
A special case occurs when strongSwan responds to a roadwarrior. If several
roadwarrior connections based on different CAs are defined then all eligible
-CAs will be listed in Pluto\92s certificate request message.
+CAs will be listed in Pluto�s certificate request message.
4.9 IPsec policies based on group attributes
if self-signed certificates are used which wouldn't be accepted any way by
the other side. In these cases it is recommended to add
- leftsendcert=never
+ leftsendcert=never
to the connection definition[s] in order to avoid the sending of the host's
own certificate. The default value is
- leftsendcert=always.
+ leftsendcert=ifasked
+
+If a peer does not send a certificate request then use the setting
+
+ leftsendcert=always
If a peer certificate contains a subjectAltName extension, then an alternative
rightid type can be used, as the example "conn sun" shows. If no rightid
Copyright (c) 2000, Kai Martius
X.509, OCSP and smartcard functionality:
-°
+
Copyright (c) 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann
Copyright (c) 2001, Marco Bertossa, Andreas Schleiss
Copyright (c) 2002, Uli Galizzi, Ariane Seiler, Mario Strasser
for more details.
-----------------------------------------------------------------------------
-This file is RCSID $Id: README,v 1.38 2007/01/14 18:16:51 as Exp $
-
projects / strongswan.git / blobdiff