[Openswan Users] cert problem with new 2.6.21 version
Paul Wouters
paul at xelerance.com
Tue Apr 7 13:37:06 EDT 2009
On Tue, 7 Apr 2009, weirauch at checkmobile.de wrote:
> Apr 7 15:52:08 vpn pluto[32746]: "l2tp-X.509"[1] 85.182.252.146 #1:
> unable to locate my private key for RSA Signature
Is your private key in /etc/ipsec.d/private/ ?
Do you have an entry for it in /etc/ipsec.secrets ?
If the key file is password protected, did you specify the password in ipsec.secrets?
Are you sure the public cert plus the private key belong together
and are not from different key/cert installs?
> conn l2tp-X.509
> authby=rsasig
> left=87.XXX.XXX.140
> leftcert=/etc/ipsec.d/certs/vpncm_mcert.pem
> rightcert=/etc/ipsec.d/certs/macpwneu.pem
> content of /etc/ipsec.d/certs
>
> -rw-r--r-- 1 root root 1094 Apr 7 15:21 macpwneu.pem
> -rw-r--r-- 1 root root 1139 Mar 5 09:50 vpncm_mcert.pem
>
> and in /etc/ipsec.d/cacerts
> is the ca key with which those two keys were signed.
Note that loading the REMOTE certificate by specifying a file
as you did for rightcert= will bypass all CA checks. The key
is considered "trusted" because you got it from disk.
You can use ipsec auto --listall to debug this further.
Paul
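
The checks asked about in the reply above, as an added shell example that is not part of the original message or of Openswan. It assumes `ipsec.secrets` entries of the form `: RSA <keyfile> "passphrase"`, relative key names resolved against the private key directory, and an `openssl` binary with the `pkey` subcommand; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: checks the local private key against the points in the reply.
# Usage (paths as on the page; run as root on the gateway):
#   check_private_key /etc/ipsec.secrets /etc/ipsec.d/private \
#       /etc/ipsec.d/certs/vpncm_mcert.pem

# List "<keyfile> <yes|no>" for each ': RSA <keyfile> ["passphrase"]' entry;
# yes/no says whether a passphrase follows. Inline '{ ... }' keys are skipped.
secrets_rsa_files() {
    awk '$1 !~ /^#/ {
        for (i = 1; i + 2 <= NF; i++)
            if ($i == ":" && $(i+1) == "RSA" && $(i+2) != "{") {
                f = $(i+2); gsub(/"/, "", f)
                print f, (i + 3 <= NF && $(i+3) !~ /^#/ ? "yes" : "no")
            }
    }' "$1"
}

# True if the PEM file is passphrase protected (traditional or PKCS#8 header).
key_is_encrypted() {
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# True if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Walk every RSA entry in secrets file $1 (keys under $2) against local cert $3.
# Returns 0 only if at least one listed key matches the certificate.
check_private_key() {
    found=1
    while read -r file has_pass; do
        [ -n "$file" ] || continue
        case $file in /*) path=$file ;; *) path=$2/$file ;; esac
        [ -r "$path" ] || { echo "MISSING $path"; continue; }
        if key_is_encrypted "$path" && [ "$has_pass" = no ]; then
            echo "NOPASS $path"; continue
        fi
        if cert_matches_key "$3" "$path"; then echo "MATCH $path"; found=0
        else echo "MISMATCH $path"; fi   # mismatch, or openssl could not read it
    done <<EOF
$(secrets_rsa_files "$1")
EOF
    return $found
}
```

A passphrase-protected key makes `openssl pkey` prompt on the terminal. `MISMATCH` on every entry means the certificate named in `leftcert=` was issued for a different key.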