[Openswan Users] X.509 certificate rejected

Paul Wouters paul at xelerance.com
Tue Mar 16 15:07:36 EDT 2010

On Tue, 16 Mar 2010, goog long wrote:

> After copying 00.pem and 01.pem from the issuer to the host at /etc/ipsec.d/cacerts, "issuer cacert not found" error is gone. However, the following
> error from server log is still around:

I don't know what 00.pem or 01.pem is, but you should only need to CAcert.pem in cacerts/

> Mar 16 10:17:47 host-lx pluto[30296]: "roadwarrior"[1] #1: no RSA public key known for ''

You're likely missing an entry in ipsec.secrets to load the private
host key (not private CA key - that key should be on none of the ipsec
systems involved). See 'man ipsec.secrets'


More information about the Users mailing list