hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Can IKEv2 use my own SSL certificate? #266

Closed FantWings closed 7 years ago

FantWings commented 7 years ago

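Every time I set up IKEv2 on a device I have to issue a certificate, and I also have to manually move the certificate into the trusted list. I currently have an SSL certificate that I obtained for free; can it be used for IKEv2?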

FantWings commented 7 years ago

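After importing the certificate in p12 format, I installed the corresponding certificate on the client. When connecting, I get the following message: ERROR: Peer's Certificate issuer is not recognized. X509: Certificate rejected for this connection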

hwdsl2 commented 7 years ago

@zhijun1997 Hello! This is currently not supported because the VPN client's certificates must be issued by a CA on the VPN server, in order to verify their identities. What you mentioned is similar to "opportunistic IPsec" [1] which is a new EXPERIMENTAL feature in Libreswan.

[1] https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec_using_LetsEncrypt
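The issuer check described in the reply above, as an added example that is not part of the original thread or the project's scripts. It uses the `openssl` CLI as a stand-in for Libreswan's NSS-based validation, and every CA name, subject and file in it is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all names, subjects and files are made up and live in a temp dir.

# make_ca DIR NAME SUBJECT: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME SUBJECT: create a key and CSR, then sign it with the named CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# check_issuer DIR TRUSTED_CA CERT: print "accepted" if CERT chains to
# TRUSTED_CA, otherwise "rejected" (the issuer is not recognized).
check_issuer() {
  if openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  # vpn_ca plays the CA on the VPN server; other_ca plays an unrelated public CA.
  make_ca "$d" vpn_ca "/CN=Constructed VPN Server CA" &&
  make_ca "$d" other_ca "/CN=Constructed Public CA" &&
  issue_cert "$d" vpn_ca client_ok "/CN=vpnclient" &&
  issue_cert "$d" other_ca client_foreign "/CN=vpn.example.com" ||
    { rm -rf "$d"; return 1; }
  echo "issued by server CA: $(check_issuer "$d" vpn_ca client_ok)"
  echo "issued by other CA:  $(check_issuer "$d" vpn_ca client_foreign)"
  rm -rf "$d"
}

demo
```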

bugfan commented 3 years ago

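Does it still have to be issued by the CA on the VPN server? For example, if I want to use a certificate I obtained from LE myself, how would I use it?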