<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Hi, all<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">I met a problem when did interoperability test between Strongswan and my IPsec implementation. <o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">I try to send a certificate with PEM format to Strongswan point, but it reports that doesn't support. </SPAN><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">I found that the Strongswan uses the DER "X.509 Certificate - Signature" format in Certificate Payload even if in the Ipsec.conf file the "leftcert" point to a PEM file. <o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">The other issue is that after I changed the Certificate from PEM to DER and try again, the strongswan reported "Authentication of 'CN=**, ST=**, E=***, OU=SSG, O=SGG' with RSA signature failed."<o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> <o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">My questions are: 1. Does Strongswan support PEM format? 2. The authentication failed means the Certificate has problem or the authentication Payload has problem?<o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> <o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Your answer are appreciated. </SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> <o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Thanks<o:p></o:p></SPAN><BR>
<SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Michalle<o:p></o:p></SPAN><BR>
<BR> </body>
</html>