Hi, > I feel that the message : id '10.201.114.211' not confirmed by > certificate, defaulting to 'C=IN, ST=KAR, O=WT, OU=TEV, CN=211, > [email protected]' could be the culprit but unable to figure out the > reason.
If you do not explicitly specify a leftid, the left parameter is used as your local identity. But your certificate does not contain such an identity as subjectAltName. As this is required, we default to the included certificate subject in this case. This actually shouldn't hurt, you can get rid of the warning by setting leftid to this identity. > ipsec.secrets > : RSA 211Key.pem "2111" > ipsec listcerts > pubkey: RSA 1024 bits If charon would have a private key for your certificate, it would indicate this with "has private key" in listcerts. Either your specified private key does not match to your certificate, or the private key failed to load. Any errors regarding private key loading during daemon startup? Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
