[Openswan Users] Strange Problem with X509 certificates

Rolf Offermanns roffermanns at sysgo.com
Mon Dec 13 09:25:38 CET 2004

Lists CC wrote:
> I then set up a second gateway; the procedure was the same. The strange 
> thing is that I cannot connect: I export the .DER of the CA and import 
> it on the client, I export the PKCS12 certificate and import it in the 
> client, but the connection gives me, server side, an "INVALID ID 
> NOTIFICATION". It seems that the Linux IPSEC gateway does not like the 
> ID that the client sends. The configuration is the same as that of the first 
> machine.
> Where can I look?

What did you specify as ID in your /etc/ipsec.conf?
Can you post the relevant pieces from your log files?

First guess:
If you specify a fully qualified username or an FQDN you
*have to* specify these as "SubjectAlternativeName" in your
certificate. Otherwise Openswan will not accept it.

Rolf Offermanns <roffermanns at sysgo.com>
SYSGO AG     Tel.: +49-6136-9948-0
Am Pfaffenstein 14   Fax: +49-6136-9948-10
55270 Klein-Winternhein  http://www.sysgo.com
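
The check suggested in the reply above, as an added example that is not part of the original post and is not Openswan code: given a leftid/rightid value from ipsec.conf and the subjectAltName line as printed by `openssl x509 -noout -text`, it reports whether the ID is certified by the certificate. The function names, the sample host names and the exact-string comparison are assumptions made for this illustration.

```python
import ipaddress

# subjectAltName labels as printed by openssl -> ID type they certify
SAN_LABELS = {"DNS": "FQDN", "email": "USER_FQDN", "IP Address": "IP"}

def classify_id(ident):
    """Map an ipsec.conf leftid/rightid string to (id_type, value)."""
    if ident.startswith("@"):            # @gw.example.com -> FQDN
        return "FQDN", ident[1:]
    try:                                 # bare address -> IP
        return "IP", str(ipaddress.ip_address(ident))
    except ValueError:
        pass
    if "=" in ident:                     # "C=DE, O=..., CN=..." -> DN
        return "DN", ident
    if "@" in ident:                     # user@example.com -> USER_FQDN
        return "USER_FQDN", ident
    raise ValueError("unrecognised ID syntax: %r" % ident)

def parse_san(san_text):
    """Parse 'DNS:a, email:b, IP Address:c' into a set of (id_type, value)."""
    entries = set()
    for item in san_text.split(","):
        label, sep, value = item.strip().partition(":")
        kind = SAN_LABELS.get(label)
        if not sep or kind is None:
            continue                     # empty item or a SAN type not used as an ID
        if kind == "IP":
            try:
                value = str(ipaddress.ip_address(value))
            except ValueError:
                continue
        entries.add((kind, value))
    return entries

def check_id(ident, san_text):
    """Return 'certified', 'missing-san' or 'dn-subject' for the given ID."""
    kind, value = classify_id(ident)
    if kind == "DN":
        return "dn-subject"              # DN IDs are compared with the subject, not the SAN
    # Assumption: exact string match, which is at least as strict as a real peer.
    return "certified" if (kind, value) in parse_san(san_text) else "missing-san"

if __name__ == "__main__":
    # Constructed sample: SAN line of a hypothetical second gateway's certificate.
    san = "DNS:gw2.example.com, email:road@example.com, IP Address:192.0.2.10"
    for ident in ("@gw2.example.com", "@gw1.example.com", "road@example.com"):
        print(ident, "->", check_id(ident, san))
```

A result of `missing-san` for the ID configured on either side corresponds to the case described in the reply, where the ID is rejected because the certificate does not carry it.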
