[Openswan Users] Using x.509 certificates without CA - INVALID_KEY_INFORMATION

[Paul Wouters]

On Sat, 14 May 2011, elison.niven at gmail.com wrote:

> ipsec.conf on both machines is similar :
> conn temp
>    left=....
>    right=.....
>    leftcert=west.cert
>    rightcert=east.cert
>    auto=add

> The error I am getting on giving ipsec auto --up temp is
> INVALID_KEY_INFORMATION.

leftid=%fromcert
rightid=%fromcert

Note that if not using CAs, you are better of just using raw RSA keys
instead of X.509 certs.

Paul