[Openswan Users] AUTHENTICATION_FAILED
Paul Wouters
paul at xelerance.com
Fri Feb 15 16:18:49 EST 2008
On Fri, 15 Feb 2008, roman wrote:
> I wasted 2 days for diagnosing an almost simple issue in FreeSWan 1.99
Sorry :)
> I had to create a new root CA because the old one got expired and there was
> no source for obtaining the old password..., I created a new root CA and new
> trouble. My new CA had the same CN as one of the old ones. I know this is
> mentioned in Paul's book, but never crossed that before.
> @Paul: can you incorporate one or two lines of code giving a hint that 2
> identical CNs are loaded?
Can you give me the output of loading those two certs, starting the conn
and getting the failure, with plutodebug="all"?
> At start the program reads all CAs and they remain
> in RAM, regardless of starting and stopping tunnels which use the respective
> CAs. Only ipsec restart seems to erase references to already deleted CAs in
> ipsec.d/cacert
Right. But the expired CA at least should be in use anymore.
CA certs do not "belong" to a conn. They're all in one "ca cert" pool.
Paul
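
An added example (not part of the original message and not Openswan code): a check for the situation described in the thread, two CA certificates with the same CN sitting in the CA directory. It decodes just enough DER to read each certificate's subject CN from PEM or DER files; the function names are illustrative and the directory is passed as an argument.

```python
import base64, re, sys
from collections import defaultdict
from pathlib import Path
CN_OID = bytes.fromhex("550403")  # OID 2.5.4.3 (commonName)

def tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(buf):
    """Decode every element packed inside a constructed value."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def subject_cn(data):
    """Return the subject CN of a PEM or DER X.509 certificate, or None."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    tbs = children(children(tlv(der)[1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # drop optional [0] version
    # Remaining fields: serial, signature alg, issuer, validity, subject
    for _, rdn in children(tbs[4][1]):
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)[:2]
            if oid == CN_OID:
                return value.decode("utf-8", "replace")
    return None

def duplicate_ca_cns(cacerts_dir):
    """Map each CN found in more than one file to the files that carry it."""
    seen = defaultdict(list)
    for path in sorted(Path(cacerts_dir).iterdir()):
        try:
            cn = subject_cn(path.read_bytes())
        except (OSError, IndexError, ValueError):
            continue  # not a readable certificate file
        if cn is not None:
            seen[cn].append(path.name)
    return {cn: files for cn, files in seen.items() if len(files) > 1}

if __name__ == "__main__":
    for cn, files in duplicate_ca_cns(sys.argv[1]).items():
        print(f"duplicate CA CN {cn!r}: {', '.join(files)}")
```

Run it with the CA directory as the only argument before restarting ipsec; any line it prints names the files that share a CN.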