[Openswan Users] My private keys not showing up with --listall

Brad Johnson bjohnson at astrocorp.com
Tue Oct 14 08:45:07 EDT 2008


I have noticed that the public keys do not show up in the --listall 
output until you actually include the certificate in a security 
association (i.e. leftcert=/etc/ipsec.d/certs/firewall-cert.der).

...Brad Johnson

OCG Technical Support wrote:
>
> I’m new to IPsec so forgive me if I’m missing something obvious here! 
> Here’s what I’ve done:
>
> 1. I create a private key for my ipsec gateway with the command:
>
> openssl req -new -keyout firewall-private-key.pem -out firewall-request.der
>
> 2. I copied the “firewall-private-key.pem” to /etc/ipsec.d/private
>
> 3. I use my Windows 2003 CA to generate a “web server” certificate, 
> pasting in the key from the step above
>
> 4. I got the generated certificates in DER and Base64 format, and 
> copied them into my gateway’s /etc/ipsec.d/certs folder as 
> “firewall-cert.der”
>
> 5. I edited my /etc/ipsec.secrets to include this line
>
> : RSA firewall-private-key.pem "password
>
> 6. I restarted ipsec, and there are no errors
>
> 7. I ran “ipsec auto --listall” and here’s what I see:
>
> 000
> 000 List of Public Keys:
> 000
> 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
> 000 1: RSA (none) (none)
> 000 1: RSA (none) (none)
> 000
> 000 List of X.509 CA Certificates:
> 000
> 000 Oct 14 01:16:41 2008, count: 1
> 000 subject: 'DC=ca, DC=ocg, CN=OCG Certificate Authority'
> 000 issuer: 'DC=ca, DC=ocg, CN=OCG Certificate Authority'
> 000 serial: 1b:47:28:ee:e3:c6:a3:b9:4d:b7:a8:38:c4:67:27:90
> 000 pubkey: 2048 RSA Key AwEAAcBVF
> 000 validity: not before Sep 28 23:06:37 2006 ok
> 000 not after Sep 28 23:14:33 2031 ok
> 000 subjkey: 0f:b6:1e:93:77:70:64:c1:77:32:f3:24:47:49:15:3f:58:ea:20:95
>
> Why is my private key not showing up? My CA key shows up....
>
> Should my public key show up in the list?
>
> I’m lost...
>
> Thanks,
>
> Michelle
>
>   
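
The setup Brad's reply points to, as an added example that is not configuration from either poster: a connection that references the gateway certificate with leftcert=, next to the ipsec.secrets entry for its private key. The connection name, the address and the passphrase are placeholders (assumptions); the file names are the ones used in the thread.

```conf
# /etc/ipsec.conf  (added example; conn name and address are placeholders)
conn example-x509
    left=192.0.2.1                 # gateway address (placeholder from the documentation range)
    leftcert=firewall-cert.der     # a bare file name is looked up in /etc/ipsec.d/certs
    leftrsasigkey=%cert            # take the gateway's public key from that certificate
    right=%any                     # accept peers from any address
    rightrsasigkey=%cert           # peers must also present a certificate
    authby=rsasig                  # RSA signature authentication, not a pre-shared key
    auto=add                       # load the connection at startup, wait for the peer

# /etc/ipsec.secrets  (a bare file name is looked up in /etc/ipsec.d/private)
# The passphrase must be enclosed in a matching pair of double quotes.
: RSA firewall-private-key.pem "placeholder-passphrase"
```

Keep /etc/ipsec.secrets and /etc/ipsec.d/private readable by root only, since the first holds the key passphrase in clear text.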