[Openswan Users] X.509

Paul Wouters paul at xelerance.com
Wed Mar 2 00:39:02 CET 2005

On Tue, 1 Mar 2005, Marcus D. Leech wrote:

> I have the CA for my roadwarrior gateway setup to include subjectAltname fields
>  (IP address, and FQDN).
> How do I configure the client side so that I don't have to use the full DN
>  in the {right,left}id field?

Just use the subjectAltname in the id, e.g.: rightid=paul at xelerance.com
You can add rightca=%same, but I don't think that is necessary.

> What I'd like is a policy from the client point of view that says
>  "any certificate issued by my root ca, and whose subjectAltName
>  fields 'make sense'".

The CA used for the right side will be automatically matched by the
CA of the loaded cert for the gateway using leftcert=


"At best it is a theory, at worst a fantasy" -- Michael Crichton
