Openswan's rightid=%fromcert option does not load the correct certificate

Solution Verified - Updated -


When using certificates for IPsec tunnel negotiation with Openswan, the peer's ID needs to be the DN string from the certificate that the peer is offering. I'm trying to use `rightid=%fromcert` to load the ID from the certificate that the peer sent, but it does not seem to work.


  • Red Hat Enterprise Linux 6
  • openswan-2.6.32-19.el6_3
