[Openswan Users] end certificate with identical subject and issuer not accepted
Albert Chin
openswan-users at mlists.thewrittenword.com
Fri Nov 24 00:05:40 EST 2006
What does the following mean?

  002 "tww" #2: Main mode peer ID is ID_FQDN: '@vpn.thewrittenword.com'
  002 "tww" #2: end certificate with identical subject and issuer not accepted
  002 "tww" #2: X.509 certificate rejected

I have the following in tww.conf:

  leftid=china at thewrittenword.com
  leftcert=china at thewrittenword.com.crt
  leftsendcert=always
  rightrsasigkey=%cert
  rightid=@vpn.thewrittenword.com
  rightcert=vpn.thewrittenword.com.crt

I am able to establish an ipsec connection but I'd like to get the
X.509 peer certificate validated.

The vpn.thewrittenword.com.crt certificate has the following:

  $ openssl x509 -in certs/vpn.thewrittenword.com.crt -text | grep Subject
  ...
  Subject: C=US, ST=Illinois, L=Roselle, O=The Written Word, Inc., CN=vpn.thewrittenword.com/emailAddress=security at thewrittenword.com
  ...
  X509v3 extensions:
  X509v3 Subject Alternative Name:
  DNS:vpn.thewrittenword.com

Are self-signed CA certs summarily rejected?
--
albert chin (china at thewrittenword.com)
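
Added example, not part of the original post and not Openswan's code: the log line above reports that the peer's end certificate has an identical subject and issuer, and this Python sketch performs that comparison on the raw DER of a certificate. The helper names, the byte-for-byte Name comparison and the vpn.example.test sample skeletons are assumptions constructed for illustration.

```python
# Added example: flag a certificate whose issuer and subject Names are identical.
# Assumption: Names are compared byte-for-byte; a daemon may compare DNs more leniently.

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_and_subject(cert_der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    tbs_tag, pos, end = read_tlv(cert_der, start)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate")
    fields = []
    while pos < end:                                 # walk the tbsCertificate members
        ftag, _, fend = read_tlv(cert_der, pos)
        fields.append((ftag, cert_der[pos:fend]))
        pos = fend
    if fields and fields[0][0] == 0xA0:              # optional [0] EXPLICIT version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("tbsCertificate too short")
    # Order now: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def is_self_issued(cert_der):
    issuer, subject = issuer_and_subject(cert_der)
    return issuer == subject

# Constructed sample input: unsigned certificate skeletons, not real certificates.
def der(tag, *parts):
    body = b"".join(parts)
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body                # bodies here stay under 256 bytes

def name(cn):                                        # Name with a single CN (OID 2.5.4.3)
    return der(0x30, der(0x31, der(0x30, b"\x06\x03\x55\x04\x03", der(0x0C, cn.encode()))))
def skeleton(issuer_cn, subject_cn):
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer_cn), der(0x30), name(subject_cn), der(0x30))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))
SELF_ISSUED = skeleton("vpn.example.test", "vpn.example.test")
CA_ISSUED = skeleton("Example Test CA", "vpn.example.test")
```

Identical Names show only that a certificate is self-issued; confirming it is self-signed also requires verifying its signature with its own public key, which this sketch does not do.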