Hi,
I'm setting up EAP-TTLS-Radius client on StrongSwan5.3.5.
Client(StrongSwan5.3.5) --- authenticator --- TTLS Server/Radius
Server(Freeradius2.1.12)
I got the following error when the Client tries to connect.> Feb 25 14:41:13
tester charon: 05[TLS] server certificate does not match to 'C=AAA, O=OOO,
CN=TEST'
I installed certification of the server:ipsec.d/certs/
/usr/local/etc/ipsec.d# ls certs/server.pem
When I checked by "ipsec listall", no item about "List of X.509 End Entity
Certificates" is listed up.
Is it wrong about the way to store certificate?Or another reason? (e.g. plugin
is not enough)
Regards,
Log:Feb 25 14:41:13 tester charon: 05[TLS] negotiated TLS 1.0 using suite
TLS_DHE_RSA_WITH_AES_128_CBC_SHAFeb 25 14:41:13 tester charon: 05[TLS]
processing TLS Handshake record (708 bytes)Feb 25 14:41:13 tester charon:
05[TLS] received TLS Certificate handshake (704 bytes)Feb 25 14:41:13 tester
charon: 05[LIB] signature verification:Feb 25 14:41:13 tester charon: 05[TLS]
server certificate does not match to 'C=ES, O=ACCV, CN=ACCVRAIZ1'Feb 25
14:41:13 tester charon: 05[TLS] buffering 254 bytes, 254 bytes of 530 byte TLS
record receivedFeb 25 14:41:13 tester charon: 05[TLS] sending fatal TLS alert
'access denied'
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
