[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'
Tuomo Soini
tis at foobar.fi
Mon Jun 28 10:52:45 CEST 2004
minfrin at sharp.fm wrote:
| 003 "rachel-chandler" #1: no RSA public key known for 'C=ZA, O=The Wired
| Company, CN=chandler.sharp.fm'
| 217 "rachel-chandler" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION
|
| My understanding is that the cert for chandler should be accepted, because
| it is signed by the CA, but this is not happening, so I'm definitely just
| not "getting it".
No, they won't get automatically detected.
|
| The config on rachel (a road warrior), which is initiating the connection
| is this:
|
| # Connect rachel to chandler
| conn rachel-chandler
| rightid="C=ZA, O=The Wired Company, CN=chandler"
From the log message I get you should have:
  rightid="C=ZA, O=The Wired Company, CN=chandler.sharp.fm"
| rightca="/C=ZA/ST=..."
  rightca=%same
is enough if both ends have a cert signed by the same CA.
| #rightid="C=ZA, O=The Wired Company, CN=rachel"
I'd add:
  rightid="C=ZA, O=The Wired Company, CN=rachel.sharp.fm"
| rightrsasigkey=%cert
| rightca="/C=ZA/ST=..."
and again:
  rightca=%same
is enough.
--
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
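An added example, not part of the original message and not Openswan code: a small Python check that pairs pluto's "no RSA public key known for" log lines with the conn's configured leftid/rightid and reports which DN attribute differs. The sample config and log are constructed from the values quoted in the thread; the DN parsing is simplified (no escaped commas, attribute order ignored), and treating the closest-matching configured ID as the peer's is an assumption.

```python
import re

# Constructed sample input, built from the values quoted in the thread.
SAMPLE_CONF = """\
conn rachel-chandler
    rightid="C=ZA, O=The Wired Company, CN=chandler"
    rightca=%same
"""
SAMPLE_LOG = """\
003 "rachel-chandler" #1: no RSA public key known for 'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'
"""
LOG_RE = re.compile(r'"([^"]+)" #\d+: no RSA public key known for \'([^\']+)\'')

def parse_dn(text):
    """Split a DN in 'C=.., O=..' or '/C=../O=..' form into (ATTR, value) pairs."""
    text = text.strip().strip('"\'')
    parts = text.split("/" if text.startswith("/") else ",")
    return tuple((a.strip().upper(), v.strip())
                 for a, _, v in (p.partition("=") for p in parts) if v)

def conn_ids(conf):
    """Map each conn name to its uncommented leftid/rightid settings."""
    conns, current = {}, None
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None:
            m = re.match(r"(leftid|rightid)\s*=\s*(.+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return conns

def diagnose(conf, log):
    """Return (conn, key, attr, configured, presented) for each differing attribute."""
    conns, findings = conn_ids(conf), []
    for conn, peer in LOG_RE.findall(log):
        peer_dn, best = dict(parse_dn(peer)), None
        for key, configured in conns.get(conn, {}).items():
            conf_dn = dict(parse_dn(configured))
            diffs = [(conn, key, a, conf_dn.get(a), peer_dn.get(a))
                     for a in sorted(set(conf_dn) | set(peer_dn))
                     if conf_dn.get(a) != peer_dn.get(a)]
            # Assumption: the configured ID with the fewest differences is the peer's.
            if best is None or len(diffs) < len(best):
                best = diffs
        findings.extend(best or [])
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOG))
```

An empty result means a configured ID already matches the DN in the log line, so the cause lies elsewhere (for example the certificate itself not being loaded).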