[Openswan Users] X.509 certificate rejected
Paul Wouters
paul at xelerance.com
Tue Mar 16 01:26:32 EDT 2010
On Mon, 15 Mar 2010, goog long wrote:
> Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: issuer cacert not found
> Mar 15 15:19:19 host-lx pluto[12210]: "roadwarrior-net"[4] 192.168.50.2 #4: X.509 certificate rejected
Looks like the server has no CA installed that signed the host certificate of the road warrior.
(nor an intermediate CA)
> conn roadwarrior-net
> leftsubnet=192.168.50.0/255.255.255.0
> also=roadwarrior
>
> conn roadwarrior
> # left=%defaultroute
> left=192.168.50.2
> leftcert=clienthost.example.com.pem
> right=192.168.50.1
> rightsubnet=host.example.com.pem
That last line is wrong. subnet should not be a cert.
Paul
More information about the Users
mailing list