Now you're just fishing in the dark and guessing. The format of the certificate is irrelevant. Read the log you pasted and fix the
> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to > 'C=ES, O=ACCV, CN=ACCVRAIZ1' I guess that's from the client. Where did you set that DN? Regards, Noel On 28.02.2016 20:37, yukou katori wrote: > Hi, Noel > > Or this "access denied" can come from pkcs format? > pkcs#7 is used in this case, pkcs#12 should be used? > > Regards, > > > On Sunday, 28 February 2016, 15:20, yukou katori <[email protected]> > wrote: > > > Hi, Noel > > Thanks. > I complied again to isolate this problem. > The reason why no item about certificates was shown by "ipsec listall" came > from that I imported incorrect certificate from FreeRadius. > Now I could get the item about CA by "ipsec install". > > But I get the same error yet. > > What does "access denied" mean? > This is for TLS 1.2 but, it means: > access_denied > A valid certificate was received, but when access control was > applied, the sender decided not to proceed with negotiation. This > message is always fatal. > from rfc5246 > > Access control? > > I complied like this: > ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc > --enable-eap-identity --enable-eap-tls --enable-eap-peap --enable-eap-ttls > --enable-eap-mschapv2 --enable-eap-md5 > > Regards, > -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
