[Openswan Users] Using x.509 certificates with CA -INVALID_KEY_INFORMATION

Paul Wouters paul at xelerance.com
Thu Oct 20 16:13:56 EDT 2011

On Thu, 20 Oct 2011, tushar sharma wrote:

>> On Wed, 19 Oct 2011, tushar sharma wrote:
>>> The error I am getting on giving ipsec auto --up linux-conn is
>> Look at it with "ipsec auto --listall". Also check pluto logs for
>> any rejected certificate. One reason could be that the CN of a cert
>> is the same as the CN of the CA, which will get rejected.
>> Paul
> I checked CN of both certificates and are different from that CN of CA.
> When i tried to connect it shows invalid key information.
> ipsec auto --status
> shows both certificate loaded. but it still unable to establish connection.
> pluto logs doesnt shows any rejected certificates. I have generated
> and tried certificates using
> both openssl command line as well as easy-rsa.
> I am unable to understand what's exactly going wrong .

We cannot help you without more information from the --status and/or logfiles of pluto.


More information about the Users mailing list