[Openswan Users] X-509 in openswan
Andreas Steffen
andreas.steffen at strongsec.net
Fri Aug 5 10:52:15 CEST 2005
Check your logs for error messages while loading the
private key file. You can repeat the loading process
by typing

    ipsec auto --rereadsecrets

If the private key is loaded correctly but the command

    ipsec auto --listcerts

lists your certificate without the comment

    ..., has private key

then the public key contained in the certificate does
not match the private key.

Regards

Andreas

kumar nani wrote:
> Hello Everybody,
>
> I have installed openswan-2.3.0 on two Redhat Linux
> machines and preshared keys are working fine. I'm
> trying to setup IPSec tunnel in openswan using x509
> certificates, but keep getting told by openswan that
> it can't find my private RSA key.
>
> I have used openssl for generating certificates by
> following the instructions given in this webpage
>
> http://www.natecarlson.com/linux/ipsec-x509.php#casetup
>
>
> ipsec.conf is below
> --------------------
>
>
> conn kumar
>     type=tunnel
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     left=xxx.xxx.xxx.xxx
>     leftcert=kumar.com.pem
>     right=yyy.yyy.yyy.yyy
>     rightcert=nitin.com.pem
>     auto=add
>     pfs=yes
>
> My ipsec.secrets
> -----------------
> : RSA kumar.com.key "kumar123"
>
> When I attempt to bring up the connection, it fails,
> claiming that it cannot find my RSA key.
>
> /usr/local/sbin/ipsec auto --up naveen
>
> 104 "kumar" #1: STATE_MAIN_I1: initiate
> 003 "kumar" #1: received Vendor ID payload [Dead Peer
> Detection]
> 106 "kumar" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "kumar" #1: unable to locate my private key for
> RSA Signature
> 224 "kumar" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
>
>
> If anyone has a suggestion that might help me to solve
> this problem, I'd appreciate it greatly.
>
>
> ** Kumar **
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
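
Added example (not part of the original post, and not Openswan code): the certificate/private-key mismatch described in the reply can be checked outside pluto with the OpenSSL command line. The function name and the KEYPASS environment variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare the public key in an X.509 certificate with the
# public half of a private key file, using the OpenSSL command line.
# Assumption: the key passphrase (the quoted string in ipsec.secrets), if
# any, is supplied in the environment variable KEYPASS, a name chosen here.
#
# Return codes: 0 = keys match
#               1 = both files load but the public keys differ
#               2 = certificate could not be read
#               3 = private key could not be read (bad file or passphrase)
cert_matches_key() {
    cmk_cert=$1
    cmk_key=$2

    # SubjectPublicKeyInfo from the certificate, PEM encoded.
    cmk_cert_pub=$(openssl x509 -in "$cmk_cert" -noout -pubkey 2>/dev/null) \
        || return 2

    # Public half of the private key in the same encoding. The passphrase
    # is read from the environment so it never appears in the process list;
    # an empty value is passed when KEYPASS is unset (unencrypted key).
    cmk_key_pub=$(KEYPASS="${KEYPASS-}" openssl pkey -in "$cmk_key" \
        -pubout -passin env:KEYPASS 2>/dev/null) || return 3

    [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# Command-line use: sh script.sh kumar.com.pem kumar.com.key
if [ "$#" -eq 2 ]; then
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "certificate and private key match" ;;
        1) echo "private key loads, but does not match the certificate" ;;
        2) echo "cannot read certificate: $1" ;;
        3) echo "cannot load private key (file format or passphrase): $2" ;;
    esac
    exit "$rc"
fi
```

Return code 3 corresponds to the first case in the reply (the key file itself fails to load), return code 1 to the second (the key loads but the certificate is listed without "has private key").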