[Openswan Users] X.509
Paul Wouters
paul at xelerance.com
Wed Mar 2 00:39:02 CET 2005
On Tue, 1 Mar 2005, Marcus D. Leech wrote:
> I have the CA for my roadwarrior gateway setup to include subjectAltname fields
> (IP address, and FQDN).
>
> How do I configure the client side so that I don't have to use the full DN
> in the {right,left}id field?
Just use the subjectAltname in the id, e.g.: rightid=paul at xelerance.com
You can add rightca=%same, but I don't think that is necessary.
> What I'd like is a policy from the client point of view that says
> "any certificate issued by my root ca, and whose subjectAltName
> fields 'make sense'".
The CA used for the right side will be automatically matched by the
CA of the loaded cert for the gateway using leftcert=
Paul
--
"At best it is a theory, at worst a fantasy" -- Michael Crichton
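
A client-side ipsec.conf sketch of the setup discussed in this thread, added as an example and not taken from either poster's configuration. The connection name, certificate file name, address and host name are placeholders; whatever is put in rightid must appear as a subjectAltName in the gateway's certificate.

```conf
# /etc/ipsec.conf on the roadwarrior client (added example, placeholder values)
conn roadwarrior-to-gw
    left=%defaultroute
    leftcert=client.pem          # placeholder: the client's own certificate
    leftrsasigkey=%cert
    right=192.0.2.1              # placeholder gateway address
    rightid=@gw.example.com      # FQDN subjectAltName of the gateway, not the full DN
    rightrsasigkey=%cert         # use the public key from the certificate the gateway sends
    rightca=%same                # gateway certificate must come from the CA that issued leftcert
    authby=rsasig
    auto=add
```

For an IP-address subjectAltName the id is written without the leading @, for example rightid=192.0.2.1.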