[Openswan Users] X.509 certificate rejected
Paul Wouters
paul at xelerance.com
Tue Mar 16 15:07:36 EDT 2010
On Tue, 16 Mar 2010, goog long wrote:
> After copying 00.pem and 01.pem from the issuer to the host at /etc/ipsec.d/cacerts, "issuer cacert not found" error is gone. However, the following
> error from server log is still around:
I don't know what 00.pem or 01.pem is, but you should only need the CAcert.pem in cacerts/
> Mar 16 10:17:47 host-lx pluto[30296]: "roadwarrior"[1] 192.168.50.2 #1: no RSA public key known for '192.168.50.2'
You're likely missing an entry in ipsec.secrets to load the private
host key (not private CA key - that key should be on none of the ipsec
systems involved). See 'man ipsec.secrets'
Paul
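
A check for the ipsec.secrets entry mentioned in the reply above, as an added example that is not part of the original message or of Openswan: it looks for file-based `: RSA <keyfile>` entries and confirms that the referenced private host key exists and is not accessible to group or other. The key file name in the usage comment is hypothetical, inline `{ ... }` raw keys are ignored, and the 0600 expectation is a hardening choice made for this example.

```python
import os
import re
import stat

# "[selectors] : RSA keyfile ["passphrase"]"; inline "{ ... }" raw keys are not matched.
RSA_ENTRY = re.compile(r'^[^:#]*:\s*RSA\s+("[^"]+"|[^\s{"]+)', re.IGNORECASE)


def rsa_key_files(secrets_text):
    """Return the key file names referenced by ': RSA <file>' entries."""
    files = []
    for line in secrets_text.splitlines():
        m = RSA_ENTRY.match(line)
        if m:
            files.append(m.group(1).strip('"'))
    return files


def check_secrets(secrets_path, private_dir="/etc/ipsec.d/private"):
    """Return a list of findings; an empty list means the checks passed."""
    with open(secrets_path) as fh:
        names = rsa_key_files(fh.read())
    if not names:
        return ["no ': RSA <keyfile>' entry, so no private host key is loaded"]
    findings = []
    for name in names:
        # Relative names are resolved against the private/ directory.
        path = name if os.path.isabs(name) else os.path.join(private_dir, name)
        if not os.path.isfile(path):
            findings.append(f"{path}: key file not found")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{path}: accessible by group/other, expected mode 0600")
    return findings


# Usage on a gateway (hostKey.pem is a hypothetical file name):
#   check_secrets("/etc/ipsec.secrets")
```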