Thanks. Based on the response, I was able to resolve my issue. I was removing "/" when reading the subject.
-Rajeev

On Fri, Feb 9, 2018 at 11:02 AM, Tobias Brunner <[email protected]> wrote:
> Hi Rajeev,
>
> > Using DAVICI, I did make sure local.id is "C=US,
> > O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> > CN=FF:FF:05:E6:E7:80"
>
> The comma between "Group" and "Inc." in the O RDN lets the identity
> string parser fail and this string will not be treated as ASN.1 DN but
> as opaque key ID, this won't match your private key during the lookup.
> If you want to configure DNs that contain commas you can either use /
> instead of comma to separate the RDNs (the whole string has to start
> with a slash then):
>
> /C=US/O=ARRIS Group, Inc./OU=DCA Remote Device Certificate/CN=FF:FF:05:E6:E7:80
>
> Or you may configure the identity as binary ASN.1 value with the asn1dn:
> prefix (use the pki --dn utility). Also an option is to not configure
> an identity in the local auth config but instead the client certificate,
> then the identity should default to the subject DN of the certificate.
>
> Regards,
> Tobias
>
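
The slash-separated form from the quoted reply, as an added Python example that is not part of the original thread and is not strongSwan or davici code: it builds the identity string from a list of RDN pairs and falls back to the slash form when a value contains a comma. The helper names, the simplified comma splitter and the rejection of values containing "/" are assumptions made for illustration.

```python
# Added illustration; not strongSwan or davici code.
SUBJECT = [  # RDNs from the thread, as (type, value) pairs
    ("C", "US"),
    ("O", "ARRIS Group, Inc."),
    ("OU", "DCA Remote Device Certificate"),
    ("CN", "FF:FF:05:E6:E7:80"),
]


def comma_identity(rdns):
    """Comma-separated form; ambiguous if any value contains a comma."""
    return ", ".join(f"{t}={v}" for t, v in rdns)


def naive_comma_split(identity):
    """Simplified comma splitter (assumption: NOT strongSwan's real parser).
    Returns (type, value) pairs, or None if a fragment lacks '='."""
    pairs = []
    for part in identity.split(","):
        if "=" not in part:
            return None  # e.g. the stray ' Inc.' fragment
        rdn_type, value = part.split("=", 1)
        pairs.append((rdn_type.strip(), value.strip()))
    return pairs


def slash_identity(rdns):
    """Slash-separated form from the reply: leading '/', one '/' per RDN."""
    parts = []
    for rdn_type, value in rdns:
        if not rdn_type or not value or "=" in rdn_type:
            raise ValueError(f"malformed RDN: {rdn_type!r}={value!r}")
        if "/" in value:
            # Assumption: a '/' inside a value would be ambiguous in this
            # form; the binary asn1dn: form is the alternative.
            raise ValueError(f"'/' in RDN value {value!r}")
        parts.append(f"{rdn_type}={value}")
    return "/" + "/".join(parts)


def identity_for_config(rdns):
    """Use the comma form only when it splits back to the same RDNs."""
    comma = comma_identity(rdns)
    if naive_comma_split(comma) == list(rdns):
        return comma
    return slash_identity(rdns)


if __name__ == "__main__":
    print(identity_for_config(SUBJECT))
```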
