Dear Ashish, there is an error in the rightid definition. The correct syntax is
rightid="C=IN, ST=KAR, O=XXXXX, OU=XXXX, CN=FTM,
[email protected]"
OpenSSL glues the email attribute with a slash right after the CN
but it should be separated by a comma.
Regards
Andreas
ashish mahalka wrote:
> Hello Andreas,
>
> I am getting an INVALID_ID_INFORMATION error with the certificate that I
> am using. (the certificate is attached with this mail). From this error,
> I understand that the subject of the certificate is not in the correct
> format.
> When I give the format as C=, ST=, O=, OU=, CN= it works but when the
> format is (as mentioned in the certificate), it gives this error. The
> pluto logs on both the peers are also attached. Below is the ipsec.conf
> file that I am using :-
>
> config setup
> strictcrlpolicy=no
> plutodebug=all
> plutostart=yes
> charonstart=yes
> charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2,
> net 2, lib 2"
> nat_traversal=no
>
> ca ipsec
> cacert=cacert.pem
> auto=add
>
> conn %default
> ikelifetime=24h
> keylife=10m
> rekeymargin=2m
> keyingtries=1
> keyexchange=ikev1
> mobike=no
>
>
> conn host-host
> left=10.10.10.5
> leftsubnet=10.10.10.0/24 <http://10.10.10.0/24>
> leftcert=cert.pem
> leftsendcert=always
> right=10.10.10.2
> rightsubnet=10.10.10.0/24 <http://10.10.10.0/24>
> rightid="C=IN, ST=KAR, O=XXXXX, OU=XXXX,
> CN=FTM/[email protected]
> <mailto:CN=FTM/[email protected]>
> auto=add
>
> ( To maintain confidentiality, I have masked the actual values, though
> you can see the actual values in the logs and the certificate)
>
> Thanks & Regards,
> Ashish
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
