Re: [strongSwan] [strongswan]INVALID_ID_INFORMATION

Tue, 29 Dec 2009 11:38:33 -0800 

Dear Ashish,

there is an error in the rightid definition. The correct syntax is

rightid="C=IN, ST=KAR, O=XXXXX, OU=XXXX, CN=FTM,
         [email protected]"

OpenSSL glues the email attribute with a slash right after the CN
but it should be separated by a comma.

Regards

Andreas

ashish mahalka wrote:
> Hello Andreas,
> 
> I am getting an INVALID_ID_INFORMATION error with the certificate that I
> am using. (the certificate is attached with this mail). From this error,
> I understand that the subject of the certificate is not in the correct
> format.
> When I give the format as C=, ST=, O=, OU=, CN= it works but when the
> format is (as mentioned in the certificate), it gives this error. The
> pluto logs on both the peers are also attached. Below is the ipsec.conf
> file that I am using :-
> 
> config setup
>         strictcrlpolicy=no
>         plutodebug=all
>         plutostart=yes
>         charonstart=yes
>         charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2,
> net 2, lib 2"
>         nat_traversal=no
>  
> ca  ipsec
>        cacert=cacert.pem
>        auto=add
>  
> conn %default
>         ikelifetime=24h
>         keylife=10m
>         rekeymargin=2m
>         keyingtries=1
>         keyexchange=ikev1
>         mobike=no
>  
> 
> conn host-host
>        left=10.10.10.5
>        leftsubnet=10.10.10.0/24 <http://10.10.10.0/24>
>        leftcert=cert.pem
>        leftsendcert=always
>        right=10.10.10.2
>        rightsubnet=10.10.10.0/24 <http://10.10.10.0/24>
>        rightid="C=IN, ST=KAR, O=XXXXX, OU=XXXX,
> CN=FTM/[email protected]
> <mailto:CN=FTM/[email protected]>
>        auto=add
> 
> ( To maintain confidentiality, I have masked the actual values, though
> you can see the actual values in the logs and the certificate)
> 
> Thanks & Regards,
> Ashish

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to