Hello out there,
First of all, a reference to my question on Stack Exchange, which finally brought me here, can be found in .
I'm trying to realize the following scenario. Two hosts, Alice and Bob, want to communicate using X.509 certificates. The certificate structure is as follows:
RootCA -> SubCA_A -> Alice
RootCA -> SubCA_B -> Bob
Alice has the following certificates:
Alice.crt (contains Alice's and SubCA_A's certificates)
while Bob has these certs installed:
Bob.crt (contains Bob's and SubCA_B's certificates)
Now, when Alice wants to authenticate herself to Bob, she sends him "Alice.crt". Bob verifies SubCA_A's signature on Alice's certificate and the RootCA's signature on the SubCA_A certificate, and grants access (or not).
I am wondering whether racoon can handle the certificate bundles described above, and how to create and configure them correctly. I am using a workaround at the moment, which basically means that I have installed all intermediate CA certificates on every host. But that becomes a problem when using more than a single intermediate CA for certificates.
According to RFC 5996 (IKEv2), "Implementations MUST be capable of being configured to send and accept up to four X.509 certificates in support of authentication", but I cannot figure out how to get racoon working with PEM bundles; it always reads only the first certificate of a bundle and ignores whatever follows below.
Any help, hint or explanation is greatly appreciated.
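The scenario in the post, reproduced as an added example that is not part of the original post and not code from racoon/ipsec-tools: the script builds the two-branch PKI (RootCA -> SubCA_A -> Alice, RootCA -> SubCA_B -> Bob) with OpenSSL, packs each end-entity certificate together with its own intermediate into a PEM bundle, and then performs the check the receiving peer has to do when it holds only RootCA. All names, key sizes, lifetimes and the working directory are assumptions for the demo; the script shows what a correct bundle and a correct verification look like and says nothing about how racoon itself parses a multi-certificate PEM file.

```shell
#!/bin/sh
# Added example, not from the original post or from racoon/ipsec-tools:
# build the two-branch PKI from the post with OpenSSL, create the PEM
# bundles, and check what a peer holding only RootCA can (and cannot)
# verify. Names, key sizes, lifetimes and paths are assumptions.
set -e

WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# X.509v3 extension profiles: one for CAs, one for end entities.
cat > ca.ext <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
cat > ee.ext <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF

# new_key_and_csr NAME: fresh RSA key plus a CSR with CN=NAME.
new_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# issue NAME ISSUER EXTFILE: sign NAME.csr with ISSUER's key.
issue() {
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 365 -extfile "$3" -out "$1.crt" 2>/dev/null
}

# RootCA (self-signed), then SubCA_A and SubCA_B under it, then the leaves.
new_key_and_csr RootCA
openssl x509 -req -in RootCA.csr -signkey RootCA.key -days 3650 \
  -extfile ca.ext -out RootCA.crt 2>/dev/null
for sub in SubCA_A SubCA_B; do
  new_key_and_csr "$sub"
  issue "$sub" RootCA ca.ext
done
new_key_and_csr Alice_ee
issue Alice_ee SubCA_A ee.ext
new_key_and_csr Bob_ee
issue Bob_ee SubCA_B ee.ext

# The bundles from the post: the host's own certificate first, followed by
# the intermediate that issued it. Only RootCA.crt goes on the other peer.
cat Alice_ee.crt SubCA_A.crt > Alice.crt
cat Bob_ee.crt   SubCA_B.crt > Bob.crt

# cert_count FILE: number of PEM certificates in a bundle.
cert_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# verify_bundle ROOT BUNDLE: what the receiving side has to do. The first
# certificate is the peer's own; everything after it is untrusted chain
# material that may only be used to reach a trust anchor in ROOT.
verify_bundle() {
  awk '/BEGIN CERTIFICATE/{n++} n==1' "$2" > "$2.leaf"
  awk '/BEGIN CERTIFICATE/{n++} n>1'  "$2" > "$2.chain"
  if [ -s "$2.chain" ]; then
    openssl verify -CAfile "$1" -untrusted "$2.chain" "$2.leaf" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2.leaf" >/dev/null 2>&1
  fi
}

# Bob, holding only RootCA.crt, verifies Alice's bundle, and vice versa.
verify_bundle RootCA.crt Alice.crt
echo "Alice.crt verifies against RootCA.crt"
verify_bundle RootCA.crt Bob.crt
echo "Bob.crt verifies against RootCA.crt"

# Without the intermediate in the bundle the leaf does not verify; this is
# the gap that installing every intermediate on every host papers over.
if verify_bundle RootCA.crt Alice_ee.crt; then
  echo "unexpected: Alice_ee.crt verified without its intermediate"; exit 1
fi
echo "Alice_ee.crt alone does not verify (expected)"
echo "artifacts left in $WORK"
```

The split in verify_bundle is deliberate: the leaf goes in as the certificate under test, the rest only via -untrusted, so a bundle can never smuggle in a new trust anchor. The checks rely on openssl verify's exit status, so run this with a reasonably current OpenSSL.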