Hi Tobias,

> Certificates used by different hosts seem to use the same subject DN.
> Are these actually the same certificates/keys?

Yes. I am using the same end-entity certificate/key on all of my test systems (Red Hat and Windows).

> Why would the Windows host send a certificate request for the end-entity
> certificate. Seems like a misconfiguration (e.g. certificate in the
> wrong keystore).

I hadn't noticed this. I was able to fix the Windows configuration so that the end-entity certificate is no longer requested; however, I am still getting the signature validation failed error. New log attached.

In case it makes a difference, I did test opening a tunnel from Linux to Windows, and that is now working properly (with the fix to the Windows configuration). I've attached a log from that case as well.

Thank you for your help!

Quinn
windows-to-linux-syslog
linux-to-windows-syslog
