[Openswan Users] why does openswan complain INVALID_ID_INFORMATION? please help

sean dai sean_dai at yahoo.com
Sun Apr 30 17:58:54 CEST 2006


"Paul" wrote:
> Can you show ipsec auto --listall from that end, so
we can
see if the certificates and private key loaded
properly?

Here is the output of "ipsec auto --listall" on the
west side:

root@/etc/ipsec.d/cacerts%> ipsec auto --listall
000
000 List of Public Keys:
000
000 Apr 30 18:36:42 2006, 1024 RSA Key AwEAAcOKq,
until Apr 28 22:46:39 2007 ok
000        ID_DER_ASN1_DN 'C=ca, ST=ontario,
O=xelerance, OU=support staff, CN=east,
E=east at xelerance.com'
000        Issuer 'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000 Apr 30 18:36:02 2006, 1024 RSA Key AwEAAdBp2,
until Apr 28 22:35:52 2007 ok
000        ID_DER_ASN1_DN 'C=ca, ST=ontario,
O=xelerance, OU=support staff, CN=west,
E=west at xelerance.com'
000        Issuer 'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000
000 List of X.509 End Certificates:
000
000 Apr 30 18:36:02 2006, count: 2
000        subject: 'C=ca, ST=ontario, O=xelerance,
OU=support staff, CN=west, E=west at xelerance.com'
000        issuer:  'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        serial:   01
000        pubkey:   1024 RSA Key AwEAAdBp2, has
private key
000        validity: not before Apr 28 22:35:52 2006
ok
000                  not after  Apr 28 22:35:52 2007
ok
000        subjkey: 
bc:0c:44:19:3e:25:38:18:8e:bf:9b:38:37:f1:db:8a:b7:6e:82:20000
       authkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       aserial:  00:a6:d8:7b:b4:a6:20:88:a8
000
000 List of X.509 CA Certificates:
000
000 Apr 30 18:36:02 2006, count: 1
000        subject: 'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        issuer:  'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        serial:   00:a6:d8:7b:b4:a6:20:88:a8
000        pubkey:   1024 RSA Key AwEAAc3bY
000        validity: not before Apr 28 22:29:45 2006
ok
000                  not after  Apr 25 22:29:45 2016
ok
000        subjkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       authkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       aserial:  00:a6:d8:7b:b4:a6:20:88:a8


On the east side:
[root at east cacerts]# ipsec auto  --listall
000
000 List of Public Keys:
000
000 Apr 30 13:36:29 2006, 1024 RSA Key AwEAAcOKq,
until Apr 28 22:46:39 2007 ok
000        ID_DER_ASN1_DN 'C=ca, ST=ontario,
O=xelerance, OU=support staff, CN=east,
E=east at xelerance.com'
000        Issuer 'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000
000 List of X.509 End Certificates:
000
000 Apr 30 13:36:29 2006, count: 1
000        subject: 'C=ca, ST=ontario, O=xelerance,
OU=support staff, CN=east, E=east at xelerance.com'
000        issuer:  'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        serial:   02
000        pubkey:   1024 RSA Key AwEAAcOKq, has
private key
000        validity: not before Apr 28 22:46:39 2006
ok
000                  not after  Apr 28 22:46:39 2007
ok
000        subjkey: 
48:94:66:dd:a3:26:a6:d3:ad:be:9e:8f:97:36:c0:b1:c1:5b:b9:df000
       authkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       aserial:  00:a6:d8:7b:b4:a6:20:88:a8
000
000 List of X.509 CA Certificates:
000
000 Apr 30 13:36:29 2006, count: 1
000        subject: 'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        issuer:  'C=ca, ST=ontario, L=toronto,
O=xelerance, OU=support staff, CN=xelerance root ca,
E=ca at xelerance.com'
000        serial:   00:a6:d8:7b:b4:a6:20:88:a8
000        pubkey:   1024 RSA Key AwEAAc3bY
000        validity: not before Apr 28 22:29:45 2006
ok
000                  not after  Apr 25 22:29:45 2016
ok
000        subjkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       authkey: 
7c:85:88:ba:b1:a4:50:07:85:b9:12:05:3b:7d:d9:a6:fe:46:33:42000
       aserial:  00:a6:d8:7b:b4:a6:20:88:a8


/sean

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the Users mailing list