[Openswan Users] Using x.509 certificates with CA -INVALID_KEY_INFORMATION
Paul Wouters
paul at xelerance.com
Thu Oct 20 16:13:56 EDT 2011
On Thu, 20 Oct 2011, tushar sharma wrote:
>> On Wed, 19 Oct 2011, tushar sharma wrote:
>>
>>> The error I am getting on giving ipsec auto --up linux-conn is
>>> INVALID_KEY_INFORMATION.
>>
>> Look at it with "ipsec auto --listall". Also check pluto logs for
>> any rejected certificate. One reason could be that the CN of a cert
>> is the same as the CN of the CA, which will get rejected.
>>
>> Paul
>>
> I checked CN of both certificates and are different from that CN of CA.
> When i tried to connect it shows invalid key information.
>
> ipsec auto --status
> shows both certificate loaded. but it still unable to establish connection.
>
> pluto logs doesnt shows any rejected certificates. I have generated
> and tried certificates using
> both openssl command line as well as easy-rsa.
>
> I am unable to understand what's exactly going wrong .
We cannot help you without more information from the --status and/or logfiles of pluto.
Paul
More information about the Users
mailing list