Re: [strongSwan] Query on client authentication using EAP-TLS
Hi Akash,

> no TLS peer certificate found for '223456789123...@nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client authentication
> EAP_TLS method failed

As the TLS stack does not find a usable certificate with a private key for your ID, it skips client authentication. Your server most likely requires that, though, and therefore cancels the TLS handshake.

Check if you have configured the private key for your client certificate in ipsec.secrets, that there is no related error in the startup log, and that ipsec listcerts shows "has private key" for your client certificate.

Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Query on client authentication using EAP-TLS
Hi,

In ipsec.secrets I have given the following key:

    :RSA fap-tls-10.prv
    223456789123...@nai.epc.mnc213.mcc090.3gppnetwork.org %any : PSK abcd
    223456789123...@nai.epc.mnc213.mcc090.3gppnetwork.org : EAP abcdedfgh

Still facing the issue.

Regards,
Akash

On Mon, Feb 23, 2015 at 6:36 PM, Martin Willi mar...@strongswan.org wrote:

> Hi Akash,
>
> > no TLS peer certificate found for '223456789123...@nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client authentication
> > EAP_TLS method failed
>
> As the TLS stack does not find a usable certificate with a private key for your ID, it skips client authentication. Your server most likely requires that, though, and therefore cancels the TLS handshake.
>
> Check if you have configured the private key for your client certificate in ipsec.secrets, that there is no related error in the startup log, and that ipsec listcerts shows "has private key" for your client certificate.
>
> Regards
> Martin
Re: [strongSwan] query on client authentication using EAP-TLS
Hi,

> no TLS peer certificate found for '01234...@ims.mnc212.mcc091.3gppnetwork.org', skipping client authentication

Your configuration uses this client ID, but you didn't configure a certificate. Try to define a certificate to use for TLS authentication using the leftcert option. This certificate must contain the identity defined as leftid (as your AAA does not request an EAP-Identity), either as the certificate subject DN, or as a subjectAltName.

Regards
Martin
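
The two checks Martin describes in this thread (the private key belongs to the client certificate, and the certificate carries the configured ID), as an added example that is not part of the original messages or of strongSwan. It covers only the subjectAltName case; the function names, file names and the `make_sample` helper are assumptions made for illustration, and it assumes PEM files with an unencrypted key.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.
# Assumes an unencrypted PEM private key and a PEM certificate.

# Print each subjectAltName value of a certificate, one per line, without its type prefix.
cert_san_values() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -e 's/^ *//' -e 's/^[A-Za-z ]*://'
}

# 0 if ID is exactly one of the certificate's subjectAltName values.
cert_has_identity() {
    cert_san_values "$1" | grep -qxF -- "$2"
}

# 0 if KEY is the private key belonging to CERT (public halves are identical).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed test material: self-signed cert in DIR with ID as an e-mail SAN.
make_sample() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = sample-client
[ext]
subjectAltName = email:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
}

# Usage: sh check.sh CERT KEY ID
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" && echo "private key matches certificate" \
        || echo "private key does NOT match certificate"
    cert_has_identity "$1" "$3" && echo "ID present as subjectAltName" \
        || echo "ID not found in subjectAltName"
fi
```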