Hi John,

> We have problems with certificate authentication and see "RSA signature
> verification failed: Bad signature" during strongswan connection try. We
> would like to retrieve all remote certificate chain to "manually" check
> this issue. Is this possible using strongswan (for example by enabling
> some debugs)?

You could increase the log level to get the certificates sent by the peer. But I'm not sure if that would help much. When exactly does this happen? When verifying a certificate? When verifying the IKE authentication? Do you use IKEv2 or IKEv1? Do you have the correct root CA certificate installed?

Anyway, if you want to extract the certificates from the log you may increase the log level for the enc subsystem to 3 [1]. You'll get lots of output that way, look for data logged for CERTIFICATE payloads (you'll also have to reconstruct the binary data from the hex output in the log).

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
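
One way to do the hex reconstruction mentioned in the reply above, as an added example (not part of the original message and not strongSwan code). It assumes each dump starts with a `=> N bytes @ ...` line followed by `offset: HH HH ...` rows with a trailing ASCII column; the log lines, host name and function names are constructed for illustration, so adjust the patterns to the actual log.

```python
import base64, re, textwrap

HEADER = re.compile(r"=> (\d+) bytes @")  # assumed first line of one hex dump
ROW = re.compile(r"\s(\d+): ((?:[0-9A-Fa-f]{2} )*[0-9A-Fa-f]{2})(?:\s|$)")

# Constructed sample, not a real capture: a 20-byte DER SEQUENCE standing in
# for a certificate, then an unrelated 4-byte dump that must be ignored.
SAMPLE_LOG = """\
Jan  1 00:00:05 gw charon: 05[ENC] parsing rule 10 CHUNK_DATA
Jan  1 00:00:05 gw charon: 05[ENC]    => 20 bytes @ 0x7f0000001000
Jan  1 00:00:05 gw charon: 05[ENC]    0: 30 12 02 01 01 04 0D 63 6F 6E 73 74 72 75 63 74  0......construct
Jan  1 00:00:05 gw charon: 05[ENC]   16: 65 64 21 21                                      ed!!
Jan  1 00:00:05 gw charon: 05[ENC]    => 4 bytes @ 0x7f0000002000
Jan  1 00:00:05 gw charon: 05[ENC]    0: DE AD BE EF                                      ....
"""

def extract_dumps(log_text):
    """Rebuild every complete hex dump in the log as bytes."""
    dumps, current = [], None
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            current = bytearray()
            dumps.append((int(header.group(1)), current))
            continue
        row = ROW.search(line)
        # Accept a row only if its offset continues the current dump.
        if row and current is not None and int(row.group(1)) == len(current):
            current += bytes.fromhex(row.group(2))
    return [bytes(buf) for size, buf in dumps if len(buf) == size]

def der_total_length(buf):
    """Total encoded size of an outer DER SEQUENCE, or None if buf is not one."""
    if len(buf) < 2 or buf[0] != 0x30:
        return None
    if buf[1] < 0x80:                      # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                      # long form: n length octets follow
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def certificates_from_log(log_text):
    """Keep only dumps that are exactly one DER SEQUENCE (certificate-shaped)."""
    return [d for d in extract_dumps(log_text) if der_total_length(d) == len(d)]

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Each PEM block produced by `to_pem` from a real log can be inspected with `openssl x509 -noout -text` and the chain checked against the installed root with `openssl verify -CAfile <root> -untrusted <intermediates> <peer>`.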