-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear All,

I'm trying to get X.509 working from an XP client to my Linux gateway.

I've got RedHat 7.3 FreeS/WAN:
  freeswan-1.99_x509_0.9.15_2.4.20_18.7-1
  freeswan-module-1.99_x509_0.9.15_2.4.20_18.7-1

I've been following http://www.natecarlson.com/linux/ipsec-x509.php

However, after creating a CA and a certificate for my gateway and installing them, all I see in /var/log/secure is this [see attached].

I generated a certificate for my XP client, exported the pkcs12 stuff and subsequently my XP client says:

  IKE stats; negotiation failure 3

Now the *very* weird thing to see in my logs is

Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - notBefore:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'Jul 31 19:47:37 UTC 2003'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - notAfter:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'Dec 31 23:59:59 UTC 1969'

Surely these dates are the wrong way round? There's no valid date range that can exist "not before" today and "not after" 1969?

Any ideas what I'm doing wrong?

TIA

Craig Emery, Cambridge, UK

p.s. Sorry for the large email, I didn't know what to snip out

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/KXj6BIRM2chQkvERAqRwAKCo/iizQvdNkWe8eCqp/mjeKCyeUQCg5GMR
Omz6I10U9tCuiNgIRWaRuMo=
=WUkP
-----END PGP SIGNATURE-----
Jul 31 21:06:13 pc2-cmbg4-6-cust24 ipsec__plutorun: Starting Pluto subsystem...
Jul 31 21:06:13 pc2-cmbg4-6-cust24 pluto[19360]: Starting Pluto (FreeS/WAN Version 1.99)
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: including X.509 patch (Version 0.9.15)
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | opening /dev/urandom
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | process 19360 listening for PF_KEY_V2 on file descriptor 6
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: |   02 07 00 02 02 00 00 00 01 00 00 00 a0 4b 00 00
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | pfkey_get: SADB_REGISTER message 1
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | AH registered with kernel.
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: |   02 07 00 03 02 00 00 00 02 00 00 00 a0 4b 00 00
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | pfkey_get: SADB_REGISTER message 2
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | ESP registered with kernel.
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: |   02 07 00 0a 02 00 00 00 03 00 00 00 a0 4b 00 00
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | pfkey_get: SADB_REGISTER message 3
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | IPCOMP registered with kernel.
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | finish_pfkey_msg: SADB_REGISTER message 4 for IPIP
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: |   02 07 00 09 02 00 00 00 04 00 00 00 a0 4b 00 00
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | pfkey_get: SADB_REGISTER message 4
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | IPIP registered with kernel.
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: Changing to directory '/etc/ipsec.d/cacerts'
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: loaded cacert file 'cacert.pem' (1655 bytes)
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | file content is not binary ASN.1
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | -----BEGIN CERTIFICATE-----
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | -----END CERTIFICATE-----
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | file coded in PEM format
Jul 31 21:06:14 pc2-cmbg4-6-cust24 pluto[19360]: | L0 - certificate: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - tbsCertificate: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - DEFAULT v1:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - version:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   02
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   v3
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - serialNumber:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   00
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - signature:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - sigAlg:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'md5WithRSAEncryption'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - issuer: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'C=GB, ST=Cambridgeshire, L=Cambridge, O=Emery Ltd, CN=xxxxxxx.dynalias.net, [EMAIL PROTECTED]'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - validity:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - notBefore:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'Jul 31 19:47:37 UTC 2003'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - notAfter:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'Dec 31 23:59:59 UTC 1969'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - subject: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'C=GB, ST=Cambridgeshire, L=Cambridge, O=Emery Ltd, CN=xxxxxxx.dynalias.net, [EMAIL PROTECTED]'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - subjectPublicKeyInfo:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - algorithm:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L4 - algorithm:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'rsaEncryption'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - subjectPublicKey:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L4 - RSAPublicKey:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - modulus: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - publicExponent:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   01 00 01
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - optional extensions:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - extensions:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L4 - extension:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnID:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'subjectKeyIdentifier'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - critical:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   FALSE
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnValue:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   04 14 07 38 b9 68 cc 56 e0 cc 0a 40 90 2f ca 49
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   3c a9 0b 27 4d 32
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L4 - extension:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnID:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'authorityKeyIdentifier'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - critical:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   FALSE
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnValue: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L4 - extension:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnID:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'basicConstraints'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - critical:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   FALSE
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L5 - extnValue:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   30 03 01 01 ff
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L6 - basicConstraints:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L7 - CA:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   ff
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   TRUE
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - signatureAlgorithm:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - algorithm:
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: |   'md5WithRSAEncryption'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - signature: [snip]
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: Changing to directory '/etc/ipsec.d/crls'
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: loaded crl file 'crl.pem' (698 bytes)
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | file content is not binary ASN.1
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | -----BEGIN X509 CRL-----
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | -----END X509 CRL-----
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | file coded in PEM format
Jul 31 21:06:15 pc2-cmbg4-6-cust24 pluto[19360]: | L0 - certificateList: [snip]
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - tbsCertList: [snip]
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - signature:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L3 - sigAlg:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |   'md5WithRSAEncryption'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - issuer: [snip]
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |   'C=GB, ST=Cambridgeshire, L=Cambridge, O=Emery Ltd, CN=xxxxxxx.dynalias.net, [EMAIL PROTECTED]'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - thisUpdate:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |   'Jul 31 19:52:32 UTC 2003'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - nextUpdate:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |   'Aug 30 19:52:32 UTC 2003'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - signatureAlgorithm:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L2 - algorithm:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |   'md5WithRSAEncryption'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - signature: [snip]
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: could not open my default X.509 cert file '/etc/x509cert.der'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | next event EVENT_SHUNT_SCAN in 118 seconds
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: |
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | *received whack message
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: listening for IKE messages
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | found lo with address 127.0.0.1
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | found eth0 with address xxx.xxx.xxx.xxx
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | found eth1 with address 192.168.16.1
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | found ipsec0 with address xxx.xxx.xxx.xxx
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | IP interface eth1 192.168.16.1 has no matching ipsec* interface -- ignored
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: adding interface ipsec0/eth0 xxx.xxx.xxx.xxx
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | could not open /proc/net/if_inet6
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: loading secrets from "/etc/ipsec.secrets"
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: loaded private key file '/etc/ipsec.d/private/xxxxxxx.dynalias.net.key' (1743 bytes)
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | file content is not binary ASN.1
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | -----BEGIN RSA PRIVATE KEY-----
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | Proc-Type: 4,ENCRYPTED
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | DEK-Info: DES-EDE3-CBC,7814E4CDF827618E
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | -----END RSA PRIVATE KEY-----
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | decrypting file using 'DES-EDE3-CBC'
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | file coded in PEM format
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L0 - RSAPrivateKey:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - version:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - modulus:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - publicExponent:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - privateExponent:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - prime1:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - prime2:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - exponent1:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - exponent2:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | L1 - coefficient:
Jul 31 21:06:16 pc2-cmbg4-6-cust24 pluto[19360]: | next event EVENT_SHUNT_SCAN in 118 seconds
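Editor's note on the 'Dec 31 23:59:59 UTC 1969' value in the log above. That string is what a C program produces when it hands a time_t of -1 to gmtime() and prints the result: 23:59:59 on 31 Dec 1969 is one second before the Unix epoch, and (time_t)-1 is the documented error return of mktime(). So the log is not showing a certificate whose notAfter really is 1969; it is showing a date conversion that failed and was printed anyway. One conversion failure that matches this symptom is a notAfter that does not fit a signed 32-bit time_t (anything after 19 Jan 2038 03:14:07 UTC), which a long CA lifetime produces easily; whether that is what happened to Craig's cacert.pem is an assumption, not something the post confirms. The check below is an added example, not Craig's code and not FreeS/WAN or X.509-patch source: it parses the two ASN.1 time encodings a certificate can carry (UTCTime 'YYMMDDHHMMSSZ' and GeneralizedTime 'YYYYMMDDHHMMSSZ'), converts them the way a 32-bit daemon would, and renders them in the same style as the pluto log so the 1969 sentinel is visible. The time strings fed to it are constructed; only the notBefore mirrors the value in the log.

```python
"""Check X.509 validity times the way a 32-bit IKE daemon would see them.

Added example, not FreeS/WAN code. UTCTime and GeneralizedTime parsing follows
RFC 5280 (Zulu form, two-digit-year pivot at 50); the 32-bit time_t limit
and the -1 error sentinel are properties of the C library, not of any cert.
"""
import calendar
from datetime import datetime, timedelta, timezone

TIME_T_ERROR = -1                      # what mktime()/timegm() return on failure
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_asn1_time(s: str) -> datetime:
    """Parse an ASN.1 UTCTime or GeneralizedTime string (DER requires the Zulu form)."""
    if not s.endswith("Z"):
        raise ValueError("DER requires Zulu time, got %r" % s)
    digits = s[:-1]
    if len(digits) == 12:              # UTCTime: YYMMDDHHMMSS, 50..99 -> 19xx, 00..49 -> 20xx
        yy = int(digits[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = digits[2:]
    elif len(digits) == 14:            # GeneralizedTime: YYYYMMDDHHMMSS, mandatory from 2050 on
        year = int(digits[:4])
        rest = digits[4:]
    else:
        raise ValueError("unrecognised ASN.1 time %r" % s)
    mon, day, hh, mm, ss = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, mon, day, hh, mm, ss, tzinfo=timezone.utc)


def to_time_t(dt: datetime, bits: int = 32) -> int:
    """Seconds since the epoch as a signed time_t of the given width, or -1 if it does not fit.

    This models a C daemon built with a 32-bit time_t: a date past
    19 Jan 2038 03:14:07 UTC cannot be represented, and the conversion
    fails with (time_t)-1.
    """
    ts = calendar.timegm(dt.utctimetuple())
    limit = 2 ** (bits - 1) - 1
    return ts if -limit - 1 <= ts <= limit else TIME_T_ERROR


def render_like_pluto(t: int) -> str:
    """Format a time_t the way the log above prints it, e.g. 'Jul 31 19:47:37 UTC 2003'.

    Implemented as epoch + offset rather than fromtimestamp() so negative
    values (the -1 sentinel) render on every platform.
    """
    return (EPOCH + timedelta(seconds=t)).strftime("%b %d %H:%M:%S UTC %Y")


def check_validity(not_before: str, not_after: str, bits: int = 32) -> dict:
    """Convert both validity bounds and report whether the daemon would see a sane range."""
    nb = to_time_t(parse_asn1_time(not_before), bits)
    na = to_time_t(parse_asn1_time(not_after), bits)
    return {
        "notBefore": render_like_pluto(nb),
        "notAfter": render_like_pluto(na),
        "notAfter_fits": na != TIME_T_ERROR,
        "range_sane": nb != TIME_T_ERROR and na != TIME_T_ERROR and nb < na,
    }


if __name__ == "__main__":
    # Constructed inputs. notBefore matches the log; the two notAfter values are
    # a 10-year lifetime (fits) and a 2040 expiry (does not fit 32 bits).
    for na in ("130729194737Z", "400731194737Z"):
        print(check_validity("030731194737Z", na))
    # The same 2040 expiry is fine on a 64-bit time_t.
    print(check_validity("030731194737Z", "400731194737Z", bits=64))
```

To see the real values pluto was given rather than its rendering of them, read the dates straight from the file with `openssl x509 -in /etc/ipsec.d/cacerts/cacert.pem -noout -dates`; if notAfter there is a sensible year well past the notBefore, the certificate is fine and the daemon's conversion is what failed.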