After reading your explanations, I tried : 1) leftid="C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E= jacques.moni...@gmail.com" I get : no private key found for 'C=FR, ST=R??gion Parisienne, L=Paris, OU=Org, CN=1.Org, E=jacques.moni...@gmail.com'
2) leftid=asn1dn:"C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E= jacques.moni...@gmail.com" I get : no private key found for '' 3) leftid=dn:"C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E= jacques.moni...@gmail.com" I get : no private key found for '64:6e:3a:20:43:3d:46...' Do you have a hint for this ? Did I misunderstood something ? Thx for your help 2015-05-12 10:14 GMT+02:00 Martin Willi <mar...@strongswan.org>: > > > I don't really get how I'm supposed to use leftid, am I supposed to find > a > > string-ASN.1 converter ? > > No, you define a string representation of your identity. strongSwan > detects the identity type, and tries to convert it to the appropriate > binary encoding (ASN.1 in the case of a DN). > > While you can specify the raw binary encoding in leftid using the > asn1dn: or other prefixes, this is usually not required. Refer to the > ipsec.conf manpage for details about the leftid option. > > If your certificate encodes the RDN as UTF8String, and your accent > characters are encoded properly in UTF-8, it should be possible to > create a matching subject using leftid if your ipsec.conf is UTF-8 > encoded. > > > Is there an other way to specify the certification we want to use that > > using leftid ? > > As previously discussed, you can use leftcert to directly select a plain > X.509 certificate from a certificate file or smartcard slot. But that > won't work for PKCS#12. To alternatively select the certificate by > leftid, specify an identity contained in the certificate with one of the > options from above. > > Regards > Martin > >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
