Irrespective whether the FortiGate server certificate is directly issued
by a Root CA or by an Intermediate CA, the Root CA is always sent to the
IPsec VPN client in the CERT payload of the IKE_AUTH response. This
doesn't make any sense since no peer...
I'm enabling IKEv2 digital signatures with rsa-pss on a FortiGate VPN
Gateway: config vpn ipsec phase1-interface edit "xyz" ... set
digital-signature-auth enable set signature-hash-alg sha1 sha2-256
sha2-384 set rsa-signature-format pss nextendWhen t...
As a workaround until Fortinet adds the alternative RSA-PSS
algorithmIdentifiers for SHA256, SHA384, and SHA512, the strongswan.conf
optioncharon.rsa_pss_trailerfield = yeswill generate an
algorithmIdentifier containing an explicit trailerfield entry...
Ok, I found the reason for the RSA-PSS-SHA2_256 signature verification
error. The FortiOS implements the default ASN.1 AlgorithmIdentifier
defined in Appendix A.4.3 of RFC 7427: 0000 : SEQUENCE 0002 : OBJECT
IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1....
