[Openswan Users] no connection authorized...

Jacco de Leeuw jacco2 at dds.nl
Wed Dec 8 19:45:35 CET 2004


> Dec  7 18:20:46 ipcop pluto[3084]: Changing to directory 
> '/etc/ipsec.d/cacerts'
> Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cakey.pem' 
> (1679 bytes)
> ==>Dec  7 18:20:46 ipcop pluto[3084]:   error in X.509 certificate
> Dec  7 18:20:46 ipcop pluto[3084]:   loaded cacert file 'cacert.pem' 
> (1753 bytes)

False alarm. It looks like this is your CA's private key. Openswan attempts
to load it as a certificate which of course it isn't. Move it out of the
/etc/ipsec.d/cacerts directory to a safe place and you should not get
the error.

Presumably hostcert.pem and ronlaptopcert.pem have been signed by the
CA with this key, right?

You might have got to post your ipsec.conf. And the Windows client config
too. Are you using the IPSEC.EXE tool by Marcus Mueller?

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list