Hi Quinn,

> charon: 16[CFG] reached self-signed root ca with a path length of 0
> charon: 16[CFG] using trusted certificate "C=US, O=Org, OU=Unit,
> CN=QdCertSaIke2P384"
> charon: 16[IKE] signature validation failed, looking for another key

While the daemon finds a verified certificate/public key for that identity/DN, the signature apparently was not created with the corresponding private key.

> charon: 13[CFG] using trusted certificate "C=US, O=Org, OU=Unit,
> CN=QdCertSaIke2P384"
> charon: 13[IKE] authentication of 'C=US, O=Org, OU=Unit, CN=QdCertSaIke2P384'
> with ECDSA successful
> charon: 13[IKE] authentication of 'C=US, O=Org, OU=Unit, CN=QdCertSaIke2P384'
> (myself) successful

Certificates used by different hosts seem to use the same subject DN. Are these actually the same certificates/keys?

> charon: 11[IKE] received cert request for 'DC=com, DC=test, DC=go,
> CN=CERTSERVER-CA'
> charon: 11[IKE] received cert request for 'C=US, O=test, OU=test,
> CN=QdCertSaIke2P384'
> charon: 11[IKE] received end entity cert "C=US, O=test, OU=test,
> CN=QdCertSaIke2P384"

Why would the Windows host send a certificate request for the end-entity certificate? Seems like a misconfiguration (e.g. certificate in the wrong keystore).

Regards,
Tobias
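An added example, not part of the original message: one way to check with the `openssl` CLI whether two certificates that share a subject DN carry the same public key, and whether a private key belongs to a given certificate. The function names and the generated sample files are hypothetical; the DN is the one from the quoted log.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical helpers, not strongSwan tooling.

# SHA-256 over the DER SubjectPublicKeyInfo of a PEM public key read on stdin.
pem_fp() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the public key inside a certificate; fails on unreadable input.
spki_fp() {
    cpem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cpem" ] || return 1
    printf '%s\n' "$cpem" | pem_fp
}

# Fingerprint of the public half of a private key file.
key_fp() {
    kpem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$kpem" ] || return 1
    printf '%s\n' "$kpem" | pem_fp
}

subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null
}

# 0: key belongs to cert, 1: mismatch, 2: input could not be parsed.
key_matches_cert() {
    kfp=$(key_fp "$1") || return 2
    cfp=$(spki_fp "$2") || return 2
    [ "$kfp" = "$cfp" ]
}

# 0 when two certificates share a subject DN but carry different public keys.
same_dn_different_key() {
    dn1=$(subject_dn "$1") || return 2
    dn2=$(subject_dn "$2") || return 2
    fp1=$(spki_fp "$1") || return 2
    fp2=$(spki_fp "$2") || return 2
    [ "$dn1" = "$dn2" ] && [ "$fp1" != "$fp2" ]
}

# Constructed sample: a P-384 key and self-signed cert with the DN from the log.
make_sample() {  # make_sample <dir> <name>
    openssl ecparam -name secp384r1 -genkey -noout -out "$1/$2.key" 2>/dev/null
    openssl req -new -x509 -key "$1/$2.key" -out "$1/$2.crt" -days 1 \
        -subj "/C=US/O=Org/OU=Unit/CN=QdCertSaIke2P384" 2>/dev/null
}
```

If `same_dn_different_key` succeeds for the certificates installed on two hosts, a lookup by DN alone can select a certificate whose public key does not verify the peer's signature.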
