[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'
minfrin at sharp.fm
Sun Jun 27 16:48:34 CEST 2004
Hi all,

I am well and truly stuck. I am trying to create a tunnel between two
machines. Each machine has an x509 cert. Both certs are signed by the same
CA, and the CA cert is placed in the cacerts directory.

When trying to bring up the tunnel, the following message is produced.
Unfortunately the message doesn't suggest what I have done wrong, nor does
it suggest what to do to solve the problem :(

[root@rachel private]# ipsec auto --verbose --up rachel-chandler
002 "rachel-chandler" #1: initiating Main Mode
104 "rachel-chandler" #1: STATE_MAIN_I1: initiate
002 "rachel-chandler" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "rachel-chandler" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "rachel-chandler" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "rachel-chandler" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "rachel-chandler" #1: Peer ID is ID_DER_ASN1_DN: 'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'
003 "rachel-chandler" #1: no RSA public key known for 'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'
217 "rachel-chandler" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION

My understanding is that the cert for chandler should be accepted, because
it is signed by the CA, but this is not happening, so I'm definitely just
not "getting it".
The config on rachel (a road warrior), which is initiating the connection
is this:

# Connect rachel to chandler
conn rachel-chandler
    # use RSA based authentication with certificates
    authby=rsasig
    # my side is left - the freeswan security gateway
    left=%defaultroute
    leftsubnet=164.39.8.208/32
    leftcert=rachel-hostCert.pem
    #leftid="C=ZA, O=The Wired Company, CN=rachel"
    leftrsasigkey=%cert
    right=164.49.223.165
    rightsubnet=164.49.223.165/32
    #rightnexthop=%defaultroute
    rightid="C=ZA, O=The Wired Company, CN=chandler"
    rightrsasigkey=%cert
    rightca="/C=ZA/ST=..."
    compress=yes
    auto=add

The config on chandler, which is a server that received the connection, is
as so:

# Connect rachel to chandler
conn rachel-chandler
    # use RSA based authentication with certificates
    authby=rsasig
    # my side is left - the freeswan security gateway
    left=%defaultroute
    leftsubnet=164.49.223.165/32
    leftcert=chandler-hostCert.pem
    #leftid="C=ZA, O=The Wired Company, CN=chandler"
    leftrsasigkey=%cert
    right=%any
    rightsubnet=164.39.8.208/32
    #rightid="C=ZA, O=The Wired Company, CN=rachel"
    rightrsasigkey=%cert
    rightca="/C=ZA/ST=..."
    compress=yes
    auto=add

Can anyone explain to me what on earth the message "no RSA public key
known for" means - I thought the public key of the cert came embedded with
the cert?
Any ideas of what I am doing wrong?
I am using openswan-utils-2.1.2-1.1.el3.dag and corresponding drivers for
RHEL3.
Regards,
Graham
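
An added example, not part of the original post: a Python check that compares the DN the peer declared in pluto's output with the rightid configured for the connection, using the log and config text from the message above as constructed sample input. The function names are illustrative assumptions, and the check only reports DN components that differ; it does not establish that a difference is the cause of the error.

```python
import re

# Constructed sample input: the post's log (wrapped lines re-joined) and part of rachel's conn.
LOG = """\
002 "rachel-chandler" #1: Peer ID is ID_DER_ASN1_DN: 'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'
003 "rachel-chandler" #1: no RSA public key known for 'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'
"""
CONF = """\
conn rachel-chandler
    #leftid="C=ZA, O=The Wired Company, CN=rachel"
    right=164.49.223.165
    rightid="C=ZA, O=The Wired Company, CN=chandler"
"""

def parse_dn(text):
    """'C=ZA, O=Org, CN=host' -> [(ATTR, value), ...]; assumes no escaped commas."""
    parts = (p.partition("=") for p in text.strip().strip("\"'").split(","))
    return [(attr.strip().upper(), value.strip()) for attr, _, value in parts]

def conn_option(conf, conn, key):
    """Value of `key` inside 'conn <conn>', skipping commented-out lines."""
    inside = False
    for line in conf.splitlines():
        s = line.strip()
        if s.startswith("conn "):
            inside = s.split()[1] == conn
        elif inside and not s.startswith("#") and s.partition("=")[0].strip() == key:
            return s.partition("=")[2].strip()
    return None

def declared_peer_ids(log, conn):
    """DNs the peer declared for this conn in pluto's 'Peer ID is' lines."""
    pat = r'"%s" #\d+: Peer ID is ID_DER_ASN1_DN: \'([^\']*)\'' % re.escape(conn)
    return [" ".join(m.split()) for m in re.findall(pat, log)]

def id_mismatches(conf, log, conn, key="rightid"):
    """(attr, configured, declared) for every DN component that differs."""
    configured = conn_option(conf, conn, key)
    if configured is None:
        return []
    diffs = []
    for declared in declared_peer_ids(log, conn):
        got = dict(parse_dn(declared))
        diffs += [(a, v, got.get(a)) for a, v in parse_dn(configured) if got.get(a) != v]
    return diffs

if __name__ == "__main__":
    for attr, want, got in id_mismatches(CONF, LOG, "rachel-chandler"):
        print(f"{attr}: rightid has {want!r}, peer declared {got!r}")
```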