Open binyan17 opened 6 years ago
@strongswan说由于安全原因,不支持泛域名证书
确认是不支持泛域名证书。
Productive. Reliable. Fast.
On Thu, Dec 28, 2017 at 12:07 PM, maomao notifications@github.com wrote:
@strongswan https://github.com/strongswan说由于安全原因,不支持泛域名证书
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/quericy/one-key-ikev2-vpn/issues/126#issuecomment-354225146, or mute the thread https://github.com/notifications/unsubscribe-auth/AC9tCwHtGV4jKGVp8WzYhfYDk8nuPVlBks5tExQTgaJpZM4RD0xP .
你好, 目前我的情况如下: 1.使用自己生成泛域名证书 ipsec pki --pub --in servers/server.pem | ipsec pki --issue --cacert root/root.cert.pem --cakey root/root.pem --dn "C=US, ST=California, L=Los Angeles, O=Google, OU=Google Technology Company Ltd, CN=.vpn.xxxx.com" --san="vpn.xxxx.com" --san=".vpn.xxxx.com" --lifetime 3650 --flag serverAuth --flag ikeIntermediate --outform pem > servers/server.cert.pem 2.ipsec.conf 配置的leftid是tom-02.vpn.xxxx.com
请问是strongswan不支持泛域名证书吗?需要怎么配置,谢谢!