On Tue, 26 Apr 2016, Sergio Belkin wrote:
abr 26 10:29:22 initiator.example.local pluto[11534]: "windows" #1: STATE_MAIN_I3: sent MI3, expecting MR3
abr 26 10:29:23 initiator.example.local pluto[11534]: "windows" #1: Main mode peer ID is ID_DER_ASN1_DN: 'CN=server.example.com'
abr 26 10:29:23 initiator.example.local pluto[11534]: "windows" #1: no RSA public key known for 'CN=server.example.com'
abr 26 10:29:23 initiator.example.local pluto[11534]: "windows" #1: sending encrypted notification INVALID_KEY_INFORMATION to 190.0.2.236:4500

You seem to reject the remote certificate. Looks like a missing CA cert on your end?
leftcert=le-3dbfb38a-2a4d-42a2-8830-0f2711db9df9
rightid="CN=server.example.com"
Certificates list:
certutil -L -d sql:/etc/ipsec.d/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

le-3dbfb38a-2a4d-42a2-8830-0f2711db9df9                      u,u,u

This lists only your EE-cert. I do not see the CA cert in there. If you create a PKCS#12 file, it should include the CAcert, EEcert and EEprivkey, and you can import that using "ipsec import file.p12"

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
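
Added example, not part of the original message or of libreswan: a pre-import check that a PKCS#12 bundle really carries the CA certificate alongside the EE certificate, using the openssl CLI. The function names, the demo subject names and the password "demo" are assumptions; the CA and keys are throwaway test data constructed by the script.

```shell
#!/bin/sh
# Count the certificates inside a PKCS#12 bundle before importing it.
# A bundle that avoids the "only the EE-cert is listed" situation above
# holds at least 2 certificates: the EE cert and the CA cert that issued it.

# p12_cert_count FILE PASSWORD -> prints the number of certificates in FILE
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# make_demo_bundles DIR -> builds a throwaway CA and EE cert (constructed
# test data), then writes two bundles into DIR:
#   ee-only.p12  EE cert + key, CA cert omitted
#   full.p12     EE cert + key + CA cert (added with -certfile)
make_demo_bundles() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj '/CN=initiator.example.local' \
        -keyout "$d/ee.key" -out "$d/ee.csr" 2>/dev/null
    openssl x509 -req -in "$d/ee.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/ee.crt" 2>/dev/null
    openssl pkcs12 -export -name demo-ee -inkey "$d/ee.key" -in "$d/ee.crt" \
        -passout pass:demo -out "$d/ee-only.p12"
    openssl pkcs12 -export -name demo-ee -inkey "$d/ee.key" -in "$d/ee.crt" \
        -certfile "$d/ca.crt" -passout pass:demo -out "$d/full.p12"
}

# Stand-alone use: sh check-p12.sh file.p12 password
if [ "$#" -ge 2 ]; then
    n=$(p12_cert_count "$1" "$2") || true
    echo "$1 contains $n certificate(s)"
    if [ "$n" -lt 2 ]; then
        echo "no CA certificate in bundle; re-export with -certfile" >&2
        exit 1
    fi
fi
```

Once the bundle passes, import it with "ipsec import file.p12" and rerun the certutil -L listing shown above; the CA certificate should then appear next to the EE nickname.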
