Thanks. Based on the response, I was able to resolve my issue. I was removing
"/" when reading the subject.

-Rajeev

On Fri, Feb 9, 2018 at 11:02 AM, Tobias Brunner <tob...@strongswan.org>
wrote:

> Hi Rajeev,
>
> > Using DAVICI, I did make sure local.id is "C=US,
> > O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> > CN=FF:FF:05:E6:E7:80"
>
> The comma between "Group" and "Inc." in the O RDN causes the identity
> string parser to fail, and this string will not be treated as an ASN.1 DN
> but as an opaque key ID; this won't match your private key during the lookup.
> If you want to configure DNs that contain commas, you can either use /
> instead of a comma to separate the RDNs (the whole string then has to start
> with a slash):
>
> /C=US/O=ARRIS Group, Inc./OU=DCA Remote Device Certificate/CN=FF:FF:05:E6:E7:80
>
> Or you may configure the identity as a binary ASN.1 value with the asn1dn:
> prefix (use the pki --dn utility).  Another option is to not configure
> an identity in the local auth config but instead the client certificate;
> then the identity should default to the subject DN of the certificate.
>
> Regards,
> Tobias
>
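
Added example (not part of the original thread and not strongSwan or davici code): a pre-flight check in Python that applies the separator rule described in the reply above to an identity string before it is passed to local.id. The function names and the splitting logic are assumptions of this sketch, a simplified model rather than strongSwan's actual parser.

```python
# Simplified model of the separator rule from the reply above; this is an
# added illustration, not strongSwan's identity parser.

def split_rdns(identity):
    """Split a DN-style identity string into (type, value) pairs.

    A leading '/' selects '/' as the RDN separator, otherwise ',' is used.
    Returns None when any piece is not of the form type=value, which is the
    case in which the string would not be usable as a DN.
    """
    if identity.startswith("/"):
        sep, body = "/", identity[1:]
    else:
        sep, body = ",", identity
    pairs = []
    for piece in body.split(sep):
        key, eq, value = piece.strip().partition("=")
        if not eq or not key or not value:
            return None
        pairs.append((key, value))
    return pairs


def format_identity(rdns):
    """Build an identity string from (type, value) pairs, choosing a
    separator that does not occur inside any value."""
    values = [value for _, value in rdns]
    if not any("," in value for value in values):
        return ", ".join(f"{key}={value}" for key, value in rdns)
    if not any("/" in value for value in values):
        return "/" + "/".join(f"{key}={value}" for key, value in rdns)
    # Assumption of this sketch: neither text form is safe here, so fall
    # back to the binary asn1dn: form mentioned in the reply.
    raise ValueError("value contains both ',' and '/': use the asn1dn: form")


if __name__ == "__main__":
    # Both strings are the ones quoted in the thread.
    comma_form = ("C=US, O=ARRIS Group, Inc., OU=DCA Remote Device "
                  "Certificate, CN=FF:FF:05:E6:E7:80")
    slash_form = ("/C=US/O=ARRIS Group, Inc./OU=DCA Remote Device "
                  "Certificate/CN=FF:FF:05:E6:E7:80")
    print(split_rdns(comma_form))   # None: "Inc." is not type=value
    print(split_rdns(slash_form))   # four (type, value) pairs
    print(format_identity(split_rdns(slash_form)))
```
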
