[Openswan Users] no RSA public key known for 'C=..., O=..., CN=...'
Tuomo Soini
tis at foobar.fi
Mon Jun 28 14:50:17 CEST 2004
Graham Leggett wrote:
| Can you explain to me what "no RSA public key known for" means in plain
| language? I honestly don't have the faintest idea how to tell openswan
| what the public RSA key should be, apart from specifying a CA certificate.
Exactly what it does say. It can't match any connection entry with your
RSA public key because you had the wrong id string.
| So in other words, it should have this:
|
| rightid="C=ZA..."
| rightca=%same
rightca=%same
or
leftca=%same
specify that the certificate on the other end needs to be signed by the
same CA. If the remote end has a certificate signed by a different CA you
can give rightca="C=ZA,.." and have that certificate in your certificate
storage of course. But this way you can limit the remote end to having a
certificate signed by this exact CA.
--
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
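
The two variants described in the reply above, laid out as an ipsec.conf fragment. This is an added example, not part of the original message; the connection names, addresses, file name and every DN are constructed placeholders.

```conf
# Constructed example: all DNs, addresses and file names are placeholders.

# Variant 1: the peer's certificate must be issued by the same CA
# that issued our own certificate.
conn peer-same-ca
    left=192.0.2.1
    leftcert=gateway-cert.pem
    right=%any
    rightrsasigkey=%cert
    # Must match the ID the peer presents, which by default is the
    # subject DN of its certificate. A mismatch here is what produces
    # "no RSA public key known for '...'".
    rightid="C=ZA, O=Example Org, CN=peer.example.org"
    rightca=%same
    authby=rsasig
    auto=add

# Variant 2: the peer's certificate is issued by a different CA.
# That CA's certificate must also be present in the local CA store.
conn peer-other-ca
    left=192.0.2.1
    leftcert=gateway-cert.pem
    right=%any
    rightrsasigkey=%cert
    rightid="C=ZA, O=Other Org, CN=peer.other.example"
    # Only accept peer certificates issued by this exact CA.
    rightca="C=ZA, O=Other Org, CN=Other Org Root CA"
    authby=rsasig
    auto=add
```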