Re: [Users] WG: signature is invalid.

[Andreas Steffen]

Here again, the cacert which you provide in
/etc/ipsec.d/cacerts is not the same which signed the
host certificate sent by the peer.
Regards

Andreas

thomas WOLFF wrote:

Hi all !
 Please I need help.
 
I have a freeswan 1.98b.
linux suse 8.0
 
using road connection ( x509 certificate )
rsa authentification...
 
but the signature isn't accept on the linux server why ?
I have generate the signatur a thousand times but it doesn't work. 
I'm using french docs at
http://www.decaservices.com/docs/securite/vpn/freeswan.html
 
var/log/messages on linux server  
 
Jul 31 11:01:51 BefundServer pluto[4212]: | Subject: 'C= xx , ST= xxxxx
, L= xxxx , O=A xxxx , CN= xxxxxx ,
<mailto:[EMAIL PROTECTED]'> [EMAIL PROTECTED]'
Jul 31 11:01:51 BefundServer pluto[4212]: |   not before  : Jul 28
16:00:46 UTC 2003
Jul 31 11:01:51 BefundServer pluto[4212]: |   current time: Jul 31
09:01:51 UTC 2003
Jul 31 11:01:51 BefundServer pluto[4212]: |   not after   : Jul 27
16:00:46 UTC 2004
Jul 31 11:01:51 BefundServer pluto[4212]: |   certificate is valid
Jul 31 11:01:51 BefundServer pluto[4212]: | Issuer: 'C= xx , ST= xxxxx ,
L= xxxxr, O= xxxx , CN=  xxxxxx ,  <mailto:[EMAIL PROTECTED]'>
[EMAIL PROTECTED]'
Jul 31 11:01:51 BefundServer pluto[4212]: |   issuer CA certificate
found
Jul 31 11:01:51 BefundServer pluto[4212]: | Signature Algorithm:
'md5WithRSAEncryption'
Jul 31 11:01:51 BefundServer pluto[4212]: |   digest:  31 26 5e f4  bb
34 f9 f5  ce 77 e7 eb  6c 7c 13 76
Jul 31 11:01:51 BefundServer pluto[4212]: |   decrypted signature: 
Jul 31 11:01:51 BefundServer pluto[4212]: |   00 43 d6 a1  bd bc fa db
55 2c 76 1d  43 23 27 c3
Jul 31 11:01:51 BefundServer pluto[4212]: |   59 04 25 1e  dc 1d 25 74
c7 6e 0e 0d  05 4c f0 47
Jul 31 11:01:51 BefundServer pluto[4212]: |   dc c4 af cd  86 2a 17 f0
53 76 e1 c7  ea da 59 d9
Jul 31 11:01:51 BefundServer pluto[4212]: |   65 4e e1 6b  c2 56 da dc
d5 3a b8 b5  1d df 33 1f
Jul 31 11:01:51 BefundServer pluto[4212]: |   6c ad b7 73  53 c1 84 5a
7e 48 66 d6  a8 c5 4b e4
Jul 31 11:01:51 BefundServer pluto[4212]: |   6f 02 43 31  22 7e de e6
21 42 c1 b7  5e 17 26 a4
Jul 31 11:01:51 BefundServer pluto[4212]: |   4b 8c 04 12  ea f7 04 69
71 4b 0f 2a  f7 9d f7 42
Jul 31 11:01:51 BefundServer pluto[4212]: |   dd 94 5b f8  6a 6b d9 98
1f e0 83 2f  3f d4 6e 3e
Jul 31 11:01:51 BefundServer pluto[4212]: |   e0
Jul 31 11:01:51 BefundServer pluto[4212]: "traupe"[3] 195.242.99.19 #2:
Certificate signature is invalid
Jul 31 11:01:51 BefundServer pluto[4212]: "traupe"[3] 195.242.99.19 #2:
X.509 certificate rejected

 
Thank 
Thomas WOLFF.



--
=======================================================================
Andreas Steffen                   e-mail: [EMAIL PROTECTED]
strongSec GmbH                    home:   http://www.strongsec.com
Alter Z�richweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===