Hi Tobias, > Are you absolutely sure that all certificates with the same subject DN > are actually based on the same public/private key pair?
Yes. I'm using the exact same PKCS12 file on both systems. I even verified that the file was not corrupted by hashing it on both my Linux and Windows systems (hashes matched), and I verified that the keyid, serial, etc. are identical. > Anyway, doing this is definitely not recommended. Understood. I generated another key pair to reproduce the test, and I am getting the same results even when a different key pair is used on the initiating system (e.g. Windows initiation fails, Red Hat initiation succeeds). Logs attached. > Interesting. How does the output of `ipsec listcerts` look like after > each of these runs? In both the Linux to Linux and Windows to Linux cases, the output of ipsec listcerts is identical. I've attached the output from my run using the same keypair on both sides and a second output from a run using a different keypair on both sides. Thanks, Quinn
same-cert-listcerts
Description: same-cert-listcerts
diff-certs-windows-to-linux-syslog
Description: diff-certs-windows-to-linux-syslog
diff-certs-listcerts
Description: diff-certs-listcerts
diff-certs-linux-to-windows-syslog
Description: diff-certs-linux-to-windows-syslog
diff-certs-linux-to-linux-syslog
Description: diff-certs-linux-to-linux-syslog
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
