[Openswan Users] Regarding Self Signed certificate usage with openswan...
Somashekar S V (svs)
svs at cisco.com
Fri Aug 27 08:04:58 EDT 2010
Hi All,

Currently we installed openswan version "openswan-2.4.12-32.el4" on our machines and tried to bring up the IPSEC connection between them using an X.509 self signed certificate. However the IKE bring up fails with the following message:

Aug 26 21:41:12 ccm111 authpriv 4 pluto[25840]: "ipsecx509" #11: end certificate with identical subject and issuer not accepted
Aug 26 21:41:12 ccm111 authpriv 4 pluto[25840]: "ipsecx509" #11: X.509 certificate rejected

Does openSWAN reject self signed X.509 certificates? How to get rid of this issue?

Rgds, Som.

Here is my left and right side of the configuration:

Left side:
=======
conn ipsecx509
    left=10.78.104.76
    right=10.78.104.111
    type=transport
    auth=esp
    authby=rsasig
    leftrsasigkey=%cert
    leftcert=/usr/local/platform/.security/ipsec/certs/ipsec.pem
    rightrsasigkey=%cert
    rightcert=/usr/local/platform/.security/ipsec/certs/ipsec.pem
    ike=3des-sha1
    esp=3des-sha1
    auto=start

Right side:
========
conn ipsecx509
    right=10.78.104.76
    left=10.78.104.111
    type=transport
    auth=esp
    authby=rsasig
    leftrsasigkey=%cert
    leftcert=/usr/local/platform/.security/ipsec/certs/ipsec.pem
    rightrsasigkey=%cert
    rightcert=/usr/local/platform/.security/ipsec/certs/ipsec.pem
    ike=3des-sha1
    esp=3des-sha1
    auto=sta