[Openswan Users] we require peer to have ID...
Jacco de Leeuw
jacco2 at dds.nl
Tue May 3 18:17:52 CEST 2005
androef wrote:
> But now it tells me the reason for the invalid ID information. The
> cert-info doesn't match with that from the server. (vpngw3 is the name
> of the server)
You are loading the root certificate (cacert.pem) as a server certificate:
[...]
leftcert=/etc/ipsec.d/cacerts/cacert.pem
lefttid="E=netadmin at fh-jena.de, C=DE, ST=Thueringen, L=Jena,
O=Fachhochschule Jena, OU=Servicezentrum Informatik,
CN=vpngw3-cert2"
This leftcert= overrides the leftid= statement so the "CN=vpngw3-cert2"
will be ignored. (Besides, you are also using lefttid= here. Didn't you
see an error message because of this syntax error? Remove the extra 't').
Removing the leftcert= should help. Or you could point it to the correct
server certificate, /etc/ipsec.d/certs/server.pem or whatever. And then
you remove the lefttid=.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
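The two mistakes pointed out in the reply above (a file from cacerts/ loaded through leftcert=, and the misspelt lefttid=) can be caught before the tunnel is brought up. The following is an added example, not part of the original message and not Openswan code; the keyword list is a deliberately small subset, and the conn name and DN in the sample are constructed.

```python
import difflib

# Assumption: a subset of Openswan conn keywords, enough for this check.
SUFFIXES = ["", "id", "cert", "subnet", "nexthop", "rsasigkey", "sendcert"]
KNOWN = {side + s for side in ("left", "right") for s in SUFFIXES}
KNOWN |= {"auto", "authby", "type", "pfs", "keyingtries", "also"}

def parse_conns(text):
    """Return {conn_name: [(lineno, key, value), ...]} from ipsec.conf text."""
    conns, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], [])
        elif line[0].isspace() and "=" in line and current is not None:
            key, value = line.strip().split("=", 1)
            current.append((n, key.strip(), value.strip().strip('"')))
        else:
            current = None  # "config setup" or anything else: not a conn
    return conns

def lint(text):
    """Flag the two mistakes from the reply: CA cert as end cert, misspelt key."""
    findings = []
    for name, items in parse_conns(text).items():
        for n, key, value in items:
            if key not in KNOWN:
                near = difflib.get_close_matches(key, sorted(KNOWN), n=1)
                hint = f" (did you mean {near[0]}?)" if near else ""
                findings.append((name, n, f"unknown keyword {key}{hint}"))
            elif key.endswith("cert") and "/cacerts/" in value:
                findings.append((name, n, f"{key} loads a file from cacerts/"))
    return findings

# Constructed sample; conn name and DN are hypothetical.
SAMPLE = """\
config setup
    nat_traversal=yes

conn roadwarrior
    left=%defaultroute
    leftcert=/etc/ipsec.d/cacerts/cacert.pem
    lefttid="C=DE, O=Example Org, CN=vpngw3-cert2"
    right=%any
    auto=add
"""

if __name__ == "__main__":
    for conn, lineno, msg in lint(SAMPLE):
        print(f"conn {conn}, line {lineno}: {msg}")
```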