[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'

Graham Leggett minfrin at sharp.fm
Mon Jun 28 11:56:00 CEST 2004


Tuomo Soini wrote:

> | 003 "rachel-chandler" #1: no RSA public key known for 'C=ZA, O=The Wired
> | Company, CN=chandler.sharp.fm'
> | 217 "rachel-chandler" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION

Can you explain to me what "no RSA public key known for" means in plain 
language? I honestly don't have the faintest idea how to tell openswan 
what the public RSA key should be, apart from specifying a CA certificate.

I know the CA certificate is being read and parsed, because it says so 
in /var/log/messages on startup, and no error messages are present to 
indicate there is anything wrong with the CA certificate.

> From log message I get you should have:
> 
> ~       rightid="C=ZA, O=The Wired Company, CN=chandler.sharp.fm"
> 
> |      rightca="/C=ZA/ST=..."
> ~       rightca=%same
> 
> is enough if both ends have cert signed by same CA.
> 
> |      #rightid="C=ZA, O=The Wired Company, CN=rachel"
> 
> I'd add:
> 
> ~       rightid="C=ZA, O=The Wired Company, CN=rachel.sharp.fm"
> 
> |      rightrsasigkey=%cert
> |      rightca="/C=ZA/ST=..."
> 
> and again:
> 
> ~       rightca=%same
> 
> is enough.

So in other words, it should have this:

rightid="C=ZA..."
rightca=%same

on both sides, and I should expect it to work?

Regards,
Graham
--
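
An added example, not part of the original message or of Openswan: a small Python check that compares the ID named in a "no RSA public key known for" log line with the `rightid` configured for the connection, which is the setting the quoted reply says to align with the log message. The log line and conn section are constructed samples modelled on the thread, and the helper names and the assumption that DN values contain no escaped `,` or `/` are this example's own.

```python
import re

# Constructed samples modelled on the log line and settings quoted in the thread.
LOG_LINE = ('003 "rachel-chandler" #1: no RSA public key known for '
            "'C=ZA, O=The Wired Company, CN=chandler.sharp.fm'")
CONN = '''
conn rachel-chandler
    rightid="C=ZA, O=The Wired Company, CN=rachel"
    rightrsasigkey=%cert
    rightca=%same
'''

def parse_dn(text):
    """Parse 'C=ZA, O=...' or '/C=ZA/O=...' into a list of (TYPE, value) pairs."""
    text = text.strip()
    parts = text.lstrip("/").split("/") if text.startswith("/") else text.split(",")
    rdns = []
    for part in parts:
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"not a DN component: {part!r}")
        key, value = part.split("=", 1)
        # Normalise attribute-type case and internal whitespace before comparing.
        rdns.append((key.strip().upper(), " ".join(value.split())))
    return rdns

def dn_from_log(line):
    """Extract the quoted ID from a 'no RSA public key known for' message."""
    m = re.search(r"no RSA public key known for '([^']+)'", line)
    if not m:
        raise ValueError("log line does not contain the expected message")
    return parse_dn(m.group(1))

def conn_setting(conf, name):
    """Return an uncommented 'name=value' setting, or None if absent."""
    m = re.search(rf'^\s*{re.escape(name)}\s*=\s*"?([^"\n]*)"?\s*$', conf, re.M)
    return m.group(1) if m else None

def check_id(conf, log_line, side="right"):
    """Report whether the configured <side>id equals the ID in the log line."""
    wanted = dn_from_log(log_line)
    raw = conn_setting(conf, side + "id")
    configured = parse_dn(raw) if raw else None
    differs = [] if configured is None else sorted(set(wanted) ^ set(configured))
    return {"match": wanted == configured, "configured": raw, "differs": differs}

if __name__ == "__main__":
    print(check_id(CONN, LOG_LINE))
```

A `rightid` line that is commented out is reported as `configured: None`, since only uncommented settings are read.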


