Hi Tobias
Thank you so much for all the help in solving this issue iam facing.
You are right iam getting the same error when i use the -check option for
the priv key files. I will try to see why its so? Will get back to you with
any updates/info.
The surprising thing is that when i use the same
Hi
It has been quite sometime now since i could followup on the issue
submiited by me, very sorry about the delay in doing so.
I have been facing this issue primarily on a OpenWRT Gateway:
--
BusyBox
Hello Rajiv,
did you add the passphrase which encrypts the private key to
the ipsec.secrets entry?
: RSA /ssl/private/mfcgw1key.pem my passphrase
Regards
Andreas
On 10.11.2011 15:10, Rajiv Kulkarni wrote:
Hi
It has been quite sometime now since i could followup on the issue
submiited by
Hi
Yes offcourse. I did that. You see,
- when i use OpenSSL 1.0.0d-fips 8 Feb 2011 on a Linux-FC13 machine to
generate certs, the default rsa key format is PKCS#8 which i believe
strongswan does not yet support
- if on the other, i use a openwrt-gw with OpenSSL 0.9.8q 2 Dec 2010 and
Linux
Hi Rajiv,
Try adding an empty line between the third and fourth line of your
private key file, like this:
-BEGIN RSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2FC8D750D505E922
D8p/CHn/F5PuiLtSIp9AWfZ9Iig9VQydF7uhCDgJKgOutYGj7PkoufOhFsJ+H7D1
Hello Tobias
I did as adviced and iam getting the following error on ipsec start
--nofork
---
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[LIB] key integrity tests failed
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 5 builders
00[CFG]
Hi Rajiv,
00[LIB] key integrity tests failed
Seems like the gmp plugin has some issues with your key. It would help
if you could send us an example private key file causing this error.
Regards,
Tobias
___
Users mailing list
Hello Tobias,
Please find included the sample certs (including the rsa private key files
whose passwd is config123). The attachments are in winrar rar file format.
hope this helps
thanks regards
rajiv
On Thu, Nov 10, 2011 at 10:34 PM, Tobias Brunner tob...@strongswan.orgwrote:
Hi Rajiv,
Hi Rajiv,
When I use
openssl rsa -in mfcgw1key2.pem -check -noout
on my x86_64 machine with OpenSSL 0.9.8o I get
RSA key error: dmp1 not congruent to d
RSA key error: dmq1 not congruent to d
which is also the reason why our libgmp based plugin doesn't like the
keys,
Hi
I am facing a problem in my Strongswan deployment on a Linux-Fedora13
Server. I have created a CA and some device certs on the Linux-Fed13 server
using OpenSSL. But iam unable to use the device certs (the private-key file)
in strongswan. Iam getting the following error (console trace). Also
Hi Rajiv,
[root@dvtpc2 private]# cat dvtpc2key1024-self.pem
-BEGIN PRIVATE KEY-
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALPec1SeRutyn4Sb
yWS8RVXDiroh3XgXchjYbwm+RvoFS7k31LcpK+zgs62ZdTFxeYCv6hr/bV2BIwwf
NwMlPc5zyHnjFrMmOG2eXzzd0xleFwx12NSW0rXtpAVa9/GVmROhObAFUlrLYL4R
11 matches
Mail list logo
