Hi All, When I launched the strongswan as the following command, it displayed some failures about certificates. I used openssl to generate the CA and certificates. I am very sure the certificates are correct. But strongswan told me it can not load the ca. Anyone can give me some help? [r...@aaron Aaron]# ipsec restart --nofork Stopping strongSwan IPsec failed: starter is not running Starting strongSwan 4.3.6 IPsec [starter]... 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.6) 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' 00[LIB] building CRED_CERTIFICATE - X509 failed, tried 2 builders 00[CFG] loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' failed 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders 00[CFG] loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed 00[CFG] loaded EAP secret for aaron 00[DMN] loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke eap-mschapv2 eap-identity eap-md5 updown 00[JOB] spawning 16 worker threads charon (4707) started after 20 ms
thanks -Aaron
<<inline: image001.gif>>
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
