[Openswan Users] Problem with certificate
Paul Wouters
paul at xelerance.com
Sun Nov 9 19:47:50 EST 2008
On Sun, 9 Nov 2008, Tobias Gruber wrote:
> But if I use certificates it doesn't work.
> I have added on the server: serverKey.pem -> private serverCert.pem ->
> certs caCert.pem -> cacerts
> on the client: client1Key.pem -> private client1Cert.pem -> certs
> caCert.pem -> cacerts
>
> in the configs I added:
> authby=rsasig
> leftcert=%cert
> rightcert%cert
You need to specify the local cert, so on the server, you would use:
leftcert=serverCert.pem
and you would not specify rightcert=
> But if I initiate a connection, in the server auth.log comes: no RSA
> public key for 10.x.x.x <- IP from Client
> I thought ike transfers the certificate from the client to the server so
> he can validate it
Yes, it is complaining about not knowing its local public cert (which
it would transfer via IKE to the peer)
> I use on the client openswan 2.4.9, on the server 2.4.6
Upgrading would be good in general :)
Paul
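
A small checker for the configuration mistake discussed in this thread, added here as an example (it is not part of the original post or of Openswan). It flags `authby=rsasig` connections whose local-side cert option is missing or is a `%` placeholder instead of a certificate file, and option lines that lack `=`. The conn name, the function names and the assumption that `left` is the local side are the example's own.

```python
import re

# Constructed sample: the options quoted in the thread, placed in a conn
# section whose name ("roadwarrior") is made up for this example.
BROKEN = """\
conn roadwarrior
    authby=rsasig
    leftcert=%cert
    rightcert%cert
"""

# The same section after applying the reply's advice for the server side.
FIXED = """\
conn roadwarrior
    authby=rsasig
    leftcert=serverCert.pem
"""

def parse_conns(text):
    """Return ({conn name: {key: value}}, [option lines without '='])."""
    conns, bad, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] not in " \t":
            current = None                        # some other section
        elif current is not None:
            key, sep, value = line.strip().partition("=")
            if sep:
                current[key.strip()] = value.strip()
            else:
                bad.append(line.strip())
    return conns, bad

def lint(text, local="left"):
    """List problems in rsasig conns; `local` is the side that is this host."""
    conns, bad = parse_conns(text)
    issues = [f"malformed option (no '='): {b}" for b in bad]
    for name, opts in conns.items():
        if opts.get("authby") != "rsasig":
            continue
        cert = opts.get(f"{local}cert")
        if not cert or cert.startswith("%"):
            issues.append(f"{name}: {local}cert must name a cert file, got {cert!r}")
    return issues
```

Calling `lint(BROKEN)` reports both the malformed `rightcert%cert` line and the `%cert` placeholder, while `lint(FIXED)` returns an empty list.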