[strongSwan] PKCS#12 and leftid
Jacques Monin
jacques.monin01 at gmail.com
Wed May 13 11:05:22 CEST 2015
The RDN specifies C=FR, but I don't know if I have to do something more to
precise the encoding. Am I supposed to change it at the creation of the
x509, of the p12 or after ?
Moreover, I noticed that the Common Name is used as an unique identifier
for the certificate ? Is it possible to use it for leftid ?
Regards
2015-05-12 21:15 GMT+02:00 Volker Rümelin <vr_strongswan at t-online.de>:
> Hi Jacques,
>
> After reading your explanations, I tried :
>>
>> 1)
>> leftid="C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=
>> jacques.monin01 at gmail.com <mailto:jacques.monin01 at gmail.com>"
>> I get : no private key found for 'C=FR, ST=R??gion Parisienne, L=Paris,
>> OU=Org, CN=1.Org, E=jacques.monin01 at gmail.com <mailto:
>> jacques.monin01 at gmail.com>'
>>
>>
> I see ?? as replacement for é in the log output. This suggests your
> ipsec.conf encoding is UTF-8.
>
> For example my certificate subjet is :
>> C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=
>> jacques.monin01 at gmail.com <mailto:jacques.monin01 at gmail.com>
>> but when I do ipsec listall I have :
>> C=FR, ST=R?gion Parisienne, L=Paris, OU=Org, CN=1.Org, E=
>> jacques.monin01 at gmail.com <mailto:jacques.monin01 at gmail.com>
>>
>>
> Here you have only one ?. The encoding is definitely not UTF-8. Change the
> RDN in your certificate to UTF8String and I expect your leftid subject will
> match.
>
> Regards,
> Volker
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150513/6c3d05de/attachment.html>
More information about the Users
mailing list