[Openswan Users] Problems with x509

[jean-michel.caricand at laposte.net]

Hi Paul,

I had found the solution. I'd simply made a mistake : I had forgot to copy one certificate (CA Root certificat) on my road warrior.

When I've looked /var/log/auth _ON_ my road warrior, I've understood my mistake.
 
Now I can use connexions using x509 certificates.

Thank a lot for your answer and sorry for the noise.

Cheers.


> Message du 15/12/07 20:46
> De : "Paul Wouters" <paul at xelerance.com>
> A : "Jean-Michel Caricand" <jean-michel.caricand at lifc.univ-fcomte.fr>
> Copie à : "users at openswan.org" <users at openswan.org>
> Objet : Re: [Openswan Users] Problems with x509
>
> On Sat, 15 Dec 2007, Jean-Michel Caricand wrote:
> 
> > Now I get this on client this error :
> >
> > no RSA public key known for 'C=FR, ST=Franche-Comte, O=UFR ST, OU=LIFC,
> > CN=vpn, E=lifc at univ-fcomte.fr'; DNS search for KEY failed (can only query DNS
> > for key for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR)
> 
> Your certificate did not load, or you mistyped the DN. Ideally, you
> do NOT specify the left/rightid when using certificates. Openswan picks
> the id from the leftcert/rightcert loaded certificate.
> 
> Also make sure you put the private key in /etc/ipsec.secrets, including
> the password if the key is protected by a password. See man ipsec.secrets.
> 
> Paul
> 
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
> 

Jean-Michel Caricand 
mail : jean-michel.caricand at laposte.net
 

 Créez votre adresse électronique prénom.nom at laposte.net 
 1 Go d'espace de stockage, anti-spam et anti-virus intégrés.