[Openswan Users] Use of subjectAltName

Paul Wouters paul at xelerance.com
Tue Oct 26 19:37:27 EDT 2010

On Wed, 27 Oct 2010, Erich Titl wrote:

> I am trying to establish a certificate based connection to a Zywall 5,
> which is the initiator. The Zywall sends me the email address of the
> certificate as an ID and my (old 2.4.7) version of OpenSwan seems unable
> to find the corresponding certificate.
> The certificate has subjectAltName defined as the email address.
> Is there a keyword required to use subjectAltName as rightid in OpenSwan?

No. I don't think this is currectly possible. You can match on the CN= compontents.
I don't think subjectAltname is supported, though I could be wrong.


More information about the Users mailing list