Hi, I know certreq should be filled by part of hash of certificate authority, but I don't know an easy way to calculate it by myself.
>From my debug: Nov 20 18:09:15 pc161 charon: 16[IKE] local host is behind NAT, sending keep alives Nov 20 18:09:15 pc161 charon: 16[IKE] received 1 cert requests for an unknown ca Nov 20 18:09:15 pc161 charon: 16[IKE] sending cert request for "C=CA, ST=bc, L=vancouver, O=fortinet, OU=qa, CN=hans_216, [email protected]" Nov 20 18:09:15 pc161 charon: 16[IKE] sending cert request for "C=CA, ST=bc, L=vancouver, O=fortinet, OU=qa, CN=hans_216_sub2, [email protected]" Nov 20 18:09:16 pc161 charon: 16[IKE] authentication of 'C=CA, ST=bc, L=vancouver, O=fortinet, OU=qa, CN=dut2_sub3_alt, [email protected]' (myself) with RSA signature successful 1. The second line said "requests for an unknown ca". I don't know why, I suppose I have all relevant cacert in directory /etc/ipsec.d/cacert. So, is that means my peer sending a wrong value in certreq field? 2. The third and fourth line said we're building our certreq field and sending it. My questions is how do strongswan choose cacert to send? I actually have 4 cacert in my directory /etc/ipsec.d/cacert. Why do strongswan choose two of them? which kind of rule? 3. To confirm if strongswan are sending correct certreq, is there a way to calculate certreq field value by ourself? like an openssl command? Thanks! -- Rgds, Hans Yin Web: http://sourceforge.net/projects/autotestnet/ Email: [email protected] MSN: [email protected] Skype: hans_yin_vancouver _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
