I have a 4.4.0 installation of strongSwan on one RHEL51 box, on which I've 
configured a CA using 'ipsec pki ...' as described in the strongSwan online 
docs, as well as on a RHEL46 box which attempts to establish a VPN to a Cisco 
ASA.  I generated RSA 2048 keys for the CA and the client, self-signed a new CA 
cert which I then used to issue a cert for the client.  All straightforward.  I 
installed the CA cert and client cert/key on the client, leaving everything in 
DER format.  Pluto opens these files and progresses nominally, at first, with 
the parse and then appears to choke at the point of 'subjectPublicKeyInfo'.  
With 'plutodebug=all', the following appears in /var/log/secure...

    L2 - subjectPublicKeyInfo:
    -- > --
    -- < --

  002   error in X.509 certificate

Yet 'openssl x509 -in cacert.der -inform DER -text -noout' parses the cert 
successfully and reports the subject public key properly.  Might there be a DER 
problem?  Should I try PEM (it seems unlikely, I know)?


Bill
