The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
<b>venus</b> by means of two different Intermediate CAs. Access to
<b>alice</b> is granted to users presenting a certificate issued by the Research CA
whereas <b>venus</b> can only be reached with a certificate issued by the
Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
<p/>
The gateway <b>moon</b> doesn't have the intermediate CA certificate installed
and instead of sending the actual certificates, the two clients send "Hash and URL"
certificate payloads. The gateway fetches the certificates via HTTP from server
<b>winnetou</b>.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / swanctl / rw-hash-and-url-multi-level