[Openswan Users] Problems with x509
Paul Wouters
paul at xelerance.com
Sat Dec 15 14:50:02 EST 2007
On Sat, 15 Dec 2007, Jean-Michel Caricand wrote:
> Now I get this on client this error :
>
> no RSA public key known for 'C=FR, ST=Franche-Comte, O=UFR ST, OU=LIFC,
> CN=vpn, E=lifc at univ-fcomte.fr'; DNS search for KEY failed (can only query DNS
> for key for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR)
Your certificate did not load, or you mistyped the DN. Ideally, you
do NOT specify the left/rightid when using certificates. Openswan picks
the id from the leftcert/rightcert loaded certificate.
Also make sure you put the private key in /etc/ipsec.secrets, including
the password if the key is protected by a password. See man ipsec.secrets.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list