PEM format files.

On Tue, Dec 12, 2017 at 9:33 AM, rajeev nohria <[email protected]> wrote:
> This is at the originator side, where we are seeing the issue.
>
> ~# ipsec listcerts
>
> List of X.509 End Entity Certificates
>
>   subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20"
>   issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"
>   validity:  not before Sep 14 16:13:24 2017, ok
>              not after  Sep 14 16:13:24 2018, ok (expires in 276 days)
>   serial:    01:ff:ff:05:e6:e6:20
>   authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>   subjkeyId: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>   pubkey:    RSA 2048 bits, has private key
>   keyid:     85:d3:eb:51:9a:a8:1e:f6:ff:14:ee:cc:64:f6:2f:e0:32:99:1b:ce
>   subjkey:   71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>
> On Mon, Dec 11, 2017 at 4:11 PM, rajeev nohria <[email protected]> wrote:
>
>> Let me know if you need more info.
>>
>> On Mon, Dec 11, 2017 at 2:45 PM, rajeev nohria <[email protected]> wrote:
>>
>>> Please find the key and config. I am using davici, so I am printing the configuration from the log as the commands are executing.
>>>
>>> Load-Connection command
>>> Section start rpdfc00:cada:c404::200
>>> Version is 2
>>> Local_addrs is fc00:cada:c404:607::1004
>>> remote_addrs is fc00:cada:c404::200
>>> local_port is 500
>>> remote_port is 500
>>> proposals is aes128-sha256-modp2048
>>> local section
>>> auth is pubkey
>>> RPD ip address is fc00:cada:c404:607::1004
>>> id is C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20
>>> remote
>>> id is %any
>>> auth is pubkey
>>>
>>> On Mon, Dec 11, 2017 at 10:39 AM, Jafar Al-Gharaibeh <[email protected]> wrote:
>>>
>>>> Can you share your config/secret files?
>>>>
>>>> --Jafar
>>>>
>>>> On 12/11/2017 9:17 AM, rajeev nohria wrote:
>>>>
>>>> Can anyone help with this issue? I have set up the id with the Subject id. Still have this issue.
>>>> Is there anything else I am missing?
>>>> Thanks,
>>>> Rajeev
>>>>
>>>> On Tue, Nov 14, 2017 at 12:44 PM, rajeev nohria <[email protected]> wrote:
>>>>
>>>>> Not sure what is wrong here. Can you let me know if I am missing something here?
>>>>>
>>>>> 16[KNL] creating acquire job for policy fc00:cada:c406:607::1001/128[tcp/43005] === fc00:cada:c406::200/128[tcp/8190] with reqid {2}
>>>>> 2017-11-13 15:58:56,001-HalTransport.py-94-INFO-Start a agent transport interface, path = [/tmp/Hal/agent/client/1/push]
>>>>> 15[IKE] initiating IKE_SA rpdfc00:cada:c406::200[1] to fc00:cada:c406::200
>>>>> 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
>>>>> 15[NET] sending packet: from fc00:cada:c406:607::1001[500] to fc00:cada:c406::200[500] (456 bytes)
>>>>> 10[NET] received packet: from fc00:cada:c406::200[500] to fc00:cada:c406:607::1001[500] (453 bytes)
>>>>> 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
>>>>> 10[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>> 10[IKE] received 1 cert requests for an unknown ca
>>>>> 10[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"
>>>>> 10[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>> 10[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20'
>>>>> 13[KNL] creating delete job for CHILD_SA ESP/0x00000000/fc00:cada:c406::200
>>>>> 08[JOB] CHILD_SA ESP/0x00000000/fc00:cada:c406::200 not found for delete
>>>>> 06[KNL] creating acquire job for policy fc00:cada:c406:607::1001/128[tcp/39047] === fc00:cada:c406::200/128[tcp/8190] with reqid {2}
>>>>> 16[IKE] initiating IKE_SA rpdfc00:cada:c406::200[2] to fc00:cada:c406::200
>>>>> 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
>>>>> 16[NET] sending packet: from fc00:cada:c406:607::1001[500] to fc00:cada:c406::200[500] (456 bytes)
>>>>> 11[NET] received packet: from fc00:cada:c406::200[500] to fc00:cada:c406:607::1001[500] (453 bytes)
>>>>> 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
>>>>> 11[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>> 11[IKE] received 1 cert requests for an unknown ca
>>>>> 11[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"
>>>>> 11[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>> 11[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20'
>>>>>
>>>>> root@plnx_aarch64:~# ip -s xfrm state
>>>>> src fc00:cada:c406:607::1001 dst fc00:cada:c406::200
>>>>>     proto esp spi 0x00000000(0) reqid 2(0x00000002) mode transport
>>>>>     replay-window 0 seq 0x00000002 flag (0x00000000)
>>>>>     anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
>>>>>     sel src fc00:cada:c406:607::1001/128 dst fc00:cada:c406::200/128 proto tcp sport 39047 dport 8190 uid 0
>>>>>     lifetime config:
>>>>>       limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>       limit: soft (INF)(packets), hard (INF)(packets)
>>>>>       expire add: soft 0(sec), hard 165(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 16:01:42 use -
>>>>>     stats:
>>>>>       replay-wind
>>>>>
>>>>> root@plnx_aarch64:~# ip -s xfrm policy
>>>>> src fc00:cada:c406::200/128 dst fc00:cada:c406:607::1001/128 proto tcp uid 0
>>>>>     dir in action allow index 88 priority 234336 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>       limit: soft (INF)(packets), hard (INF)(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 15:58:55 use -
>>>>>     tmpl src :: dst ::
>>>>>         proto esp spi 0x00000000(0) reqid 2(0x00000002) mode transport
>>>>>         level required share any
>>>>>         enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>> src fc00:cada:c406:607::1001/128 dst fc00:cada:c406::200/128 proto tcp uid 0
>>>>>     dir out action allow index 81 priority 234336 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>       limit: soft (INF)(packets), hard (INF)(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 15:58:55 use -
>>>>>     tmpl src :: dst ::
>>>>>         proto esp spi 0x00000000(0) reqid 2(0x00000002) mode transport
>>>>>         level required share any
>>>>>         enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>> src fc00:cada:c406::200/128 dst fc00:cada:c406:607::1001/128 proto l2tp uid 0
>>>>>     dir in action allow index 72 priority 234336 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>       limit: soft (INF)(packets), hard (INF)(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 15:58:55 use -
>>>>>     tmpl src :: dst ::
>>>>>         proto esp spi 0x00000000(0) reqid 1(0x00000001) mode transport
>>>>>         level required share any
>>>>>         enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>> src fc00:cada:c406:607::1001/128 dst fc00:cada:c406::200/128 proto l2tp uid 0
>>>>>     dir out action allow index 65 priority 234336 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>       limit: soft (INF)(packets), hard (INF)(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 15:58:55 use -
>>>>>     tmpl src :: dst ::
>>>>>         proto esp spi 0x00000000(0) reqid 1(0x00000001) mode transport
>>>>>         level required share any
>>>>>         enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>     socket in action allow index 59 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>     socket out action allow index 52 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>     socket in action allow index 43 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>     socket out action allow index 36 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src ::/0 dst ::/0 uid 0
>>>>>     socket in action allow index 27 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src ::/0 dst ::/0 uid 0
>>>>>     socket out action allow index 20 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use -
>>>>> src ::/0 dst ::/0 uid 0
>>>>>     socket in action allow index 11 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use 2017-11-13 16:04:42
>>>>> src ::/0 dst ::/0 uid 0
>>>>>     socket out action allow index 4 priority 0 share any flag (0x00000000)
>>>>>     lifetime config:
>>>>>       limit: soft 0(bytes), hard 0(bytes)
>>>>>       limit: soft 0(packets), hard 0(packets)
>>>>>       expire add: soft 0(sec), hard 0(sec)
>>>>>       expire use: soft 0(sec), hard 0(sec)
>>>>>     lifetime current:
>>>>>       0(bytes), 0(packets)
>>>>>       add 2017-11-13 18:46:13 use 2017-11-13 16:04:30
>>>>>
>>>>> ################# Certificates ######################
>>>>>
>>>>> v --in *privKey.pem*
>>>>>   privkey:   RSA 2048 bits
>>>>>   keyid:     85:d3:eb:51:9a:a8:1e:f6:ff:14:ee:cc:64:f6:2f:e0:32:99:1b:ce
>>>>>   subjkey:   71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>>>>>
>>>>> root@plnx_aarch64:/var/priv# pki --print --type x509 --in *Dcert.pem*
>>>>> opening 'Dcert.pem' failed: No such file or directory
>>>>> building CRED_CERTIFICATE - X509 failed, tried 4 builders
>>>>> parsing input failed
>>>>> root@plnx_aarch64:/var/priv# pki --print --type x509 --in DCert.pem
>>>>>   subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20"
>>>>>   issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"
>>>>>   validity:  not before Sep 14 16:13:24 2017, ok
>>>>>              not after  Sep 14 16:13:24 2018, ok (expires in 305 days)
>>>>>   serial:    01:ff:ff:05:e6:e6:20
>>>>>   authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>>   subjkeyId: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>>>>>   pubkey:    RSA 2048 bits
>>>>>   keyid:     85:d3:eb:51:9a:a8:1e:f6:ff:14:ee:cc:64:f6:2f:e0:32:99:1b:ce
>>>>>   subjkey:   71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>>>>> root@plnx_aarch64:/var/priv#
>>>>>
>>>>> root@plnx_aarch64:/var/priv# pki --print --type x509 --in *DMCert.pem*
>>>>>   subject:  "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"
>>>>>   issuer:   "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>   validity:  not before Dec 09 23:08:49 2014, ok
>>>>>              not after  Dec 09 23:08:49 2049, ok (expires in 11714 days)
>>>>>   serial:    a0:16:bc:73:85:0e:65:37
>>>>>   altNames:  CN=SYMC-3072-5
>>>>>   flags:     CA CRLSign
>>>>>   pathlen:   0
>>>>>   authkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>>   subjkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>>   pubkey:    RSA 3072 bits
>>>>>   keyid:     b7:98:32:e4:ae:30:02:57:f7:ad:cb:2b:37:41:17:9c:1b:9d:79:28
>>>>>   subjkey:   f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>> root@plnx_aarch64:/var/priv# ls
>>>>> DCert.pem         DMCertTemp.der    privKey.pem
>>>>> DCertTemp.der     DRCert.pem        privKeyTemp.der
>>>>> DMCert.pem        DRCertTemp.der    privKeyTemp1.der
>>>>>
>>>>> root@plnx_aarch64:/var/priv# pki --print --type x509 --in *DRCert.pem*
>>>>>   subject:  "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>   issuer:   "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>   validity:  not before Nov 11 17:19:44 2014, ok
>>>>>              not after  Nov 11 17:19:44 2064, ok (expires in 17165 days)
>>>>>   serial:    b1:b0:d3:be:83:ee:bf:e3
>>>>>   altNames:  CN=MPKI-4096-1-206
>>>>>   flags:     CA CRLSign self-signed
>>>>>   subjkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>>   pubkey:    RSA 4096 bits
>>>>>   keyid:     bd:0e:4c:0f:21:cf:f0:49:af:19:34:3b:c2:64:c5:31:a1:2e:11:07
>>>>>   subjkey:   89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>> root@plnx_aarch64:/var/priv#
Attachments: privKey.pem, DCert.pem, DMCert.pem, DRCert.pem (binary data)
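The thread turns on whether charon can pair DCert.pem with privKey.pem: the `keyid` that `pki --print` and `ipsec listcerts` show is the SHA-1 over the DER-encoded SubjectPublicKeyInfo, and charon looks up the private key for a certificate by the public-key fingerprint. The script below is an added example, not part of the thread and not strongSwan's own tooling: it reproduces that identifier with openssl for both files so you can confirm they belong together without loading anything into the daemon. The file names mirror the thread, the `make_sample` material is constructed on the fly so the script runs stand-alone, and the identifiers it prints are meant to be compared with the `keyid` and `subjkey` lines in the `pki --print` output above.

```sh
#!/bin/sh
# Added example (not from the thread): check that a PEM certificate and a
# PEM private key belong together, using the identifier strongSwan prints.
#   keyid   = SHA-1 over the DER SubjectPublicKeyInfo
#   subjkey = SHA-1 over the DER subjectPublicKey (RSAPublicKey for RSA)
# If the two files disagree, charon's
#   "no private key found for '<subject>'"
# is exactly what to expect.
set -eu

# keyid (40 hex chars) of the SubjectPublicKeyInfo inside an X.509 PEM cert.
cert_keyid() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha1 -r | cut -c1-40
}

# Same hash, derived from a private key (PKCS#1 or PKCS#8 PEM).
key_keyid() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha1 -r | cut -c1-40
}

# subjkey of an RSA cert: SHA-1 over the bare RSAPublicKey structure.
cert_subjkey() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl rsa -pubin -RSAPublicKey_out -outform DER 2>/dev/null \
        | openssl dgst -sha1 -r | cut -c1-40
}

# Succeeds only when both hashes were computed and are identical;
# two empty strings (openssl failed on both files) must not count as a match.
keypair_matches() {
    c=$(cert_keyid "$1") || return 1
    k=$(key_keyid "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Render a hex string in strongSwan's aa:bb:cc style.
colonize() {
    printf '%s' "$1" | sed 's/../&:/g; s/:$//'
}

# Print the identifiers for one cert/key pair and a verdict.
report() {
    cert=$1; key=$2
    printf 'cert keyid:   %s\n' "$(colonize "$(cert_keyid "$cert")")"
    printf 'cert subjkey: %s\n' "$(colonize "$(cert_subjkey "$cert")")"
    printf 'key  keyid:   %s\n' "$(colonize "$(key_keyid "$key")")"
    if keypair_matches "$cert" "$key"; then
        echo "MATCH: $key is the private key for $cert"
    else
        echo "MISMATCH: charon would report 'no private key found' for this cert"
    fi
}

# Constructed sample material (throw-away, generated in a temp dir) so the
# script runs stand-alone; otherKey.pem is an unrelated key for the negative case.
make_sample() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/privKey.pem" -out "$dir/DCert.pem" \
        -subj "/C=US/O=Example/CN=FF:FF:05:E6:E6:20" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/otherKey.pem" >/dev/null 2>&1
    echo "$dir"
}

# Usage: sh check_keypair.sh DCert.pem privKey.pem
# With no arguments, demonstrate on the constructed sample.
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
elif [ "$#" -eq 0 ]; then
    sample=$(make_sample)
    report "$sample/DCert.pem" "$sample/privKey.pem"
    report "$sample/DCert.pem" "$sample/otherKey.pem"
    rm -rf "$sample"
fi
```

If the identifiers agree on disk but charon still logs "no private key found", the key file is not in the running daemon's credential set (it was never loaded, or was loaded under a different path or format than the certificate). `ipsec listcerts` is the quick confirmation: the certificate line reads `pubkey: RSA 2048 bits, has private key` only once charon holds the matching key, as in the Dec 12 output above.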
