[Openswan Users] certificate match failing
Paul Wouters
paul at xelerance.com
Wed Nov 30 00:52:28 CET 2005
On Tue, 29 Nov 2005, bob at computerisms.ca wrote:
>
> Nov 29 12:01:19 megareporting pluto[21388]: | requested CA: '%any'
> Nov 29 12:01:19 megareporting pluto[21388]: | refine_connection: starting
> with g
> ate.to.mega
> Nov 29 12:01:19 megareporting pluto[21388]: | match_id a=C=CA,
> ST=Yukon, L=Wh
> itehorse, O=Computerisms, OU=NetworkAdministration,
> CN=gatelian.computerisms.ca,
> E=bob at computerisms.ca
> Nov 29 12:01:19 megareporting pluto[21388]: | b=207.189.252.14
> Nov 29 12:01:19 megareporting pluto[21388]: | results fail
> Nov 29 12:01:19 megareporting pluto[21388]: | trusted_ca called with
> a=C=CA, S
> T=Yukon, O=Computerisms, OU=NetworkAdministration,
> CN=ComputerismsRootCertificat
> e, E=bob at computerisms.ca b=(empty)
>
> Obviously, the problem is in the matching b entry, one is empty, and one
I wouldn't say that. IP addresses are not hardcoded incertificates usually.
Put an 'ipsec barf' output up on a website and send another email to the list.
Using that information, we can actually see what is going wrong.
Paul
More information about the Users
mailing list