strongSwan KVM Tests / ikev2 / two-certs
Test ikev2/two-certs
Description
The roadwarrior carol possesses two different X.509 certificates plus matching RSA private keys. With the first certificate carol authenticates a tunnel connection to gateway moon in order to reach client alice and presents the second certificate in order to reach client venus using the identity carol@strongswan.org for both IKE security associations. Therefore the RSA signature verification process on moon tries all candidate peer certificates until it finds the correct RSA public key.