Hi Everyone,

I am using the strongswan load tester to load my server. I am trying with the option initiator_auth=pubkey in the strongswan.conf file. Currently I am trying to use the certificate present in the strongswan load_tester_creds.c file. These are the steps I am following.

1. Copy the certificate in the load_tester_creds.c file to CACERT.pem, and place it in the /etc/ipsec.d/cacerts/ directory and also in the /etc/ipsec.d/certs/ directory as initiator_cert.pem.

2. Copy the private key in the load_tester_creds.c file to PRIKEY.pem and place it in the /etc/ipsec.d/private/ directory.

3. Alter the content of the /etc/ipsec.secrets file to: RSA PRIKEY.pem

4. Create a CSR from the server and sign it with the strongswan CACERT.pem and PRIKEY.pem with the following command:

   openssl x509 -req -days 365 -in srv.csr -CA CACERT.pem -CAkey PRIKEY.pem -set_serial 01 -out ServCert.pem

5. Now, create a CRL with the following command:

   openssl ca -gencrl -keyfile PRIVKEY.pem -cert CACERT.pem -out strcrl.pem -crldays 30

6. Now IMPORT all of CACERT.pem, ServCert.pem and strcrl.pem onto the server.

7. Initiate the command ipsec start from the client.

After doing all these, my server is telling me "Certificate not found. !!!!!"

Also, the CSR of the server contains a subjectAltName, but when I extracted the information (openssl x509 -text -in ca-cer.pem) from the strongswan certificate, it DID NOT HAVE a subjectAltName.

Can I somehow add a subjectAltName to the strongswan certificate? Or can I create a CSR from the strongswan side?

Also, I enabled the detailed logs in ipsec.conf. I can see NO ERRORS in the log, but after IKE_SA_INIT I can see strongswan is sending IKE_AUTH (5 times, since retransmit_tries=5) and telling "peer not responding". On the server side it is telling "Certificate not found !!".

Please help me to solve this problem.
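The following script is an added example, not code from the original post or from the strongSwan project. It replays steps 4 and 5 in a scratch directory with a throwaway CA in place of the load_tester_creds.c key pair, and then verifies the result the way a peer would: chain, subjectAltName, and CRL. The point it demonstrates is that `openssl x509 -req` does not carry the extensions in a CSR over into the issued certificate unless you pass them in through `-extfile` (or `-copy_extensions copy` on OpenSSL 3), which is why a CSR with a subjectAltName can yield a certificate without one. It assumes the `openssl` CLI is on PATH; every file name, DN and hostname in it is constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original post): re-run the signing flow from
# steps 4 and 5 in a scratch directory, signing the CSR so that the
# subjectAltName requested in it actually appears in the issued certificate,
# then verify chain, SAN and CRL. Assumes the openssl CLI is on PATH; every
# file name and DN below is constructed for this example.
set -eu

WORK="$(mktemp -d)"
SRV_NAME="server.example.test"

# Throwaway CA standing in for the key/cert copied out of load_tester_creds.c.
# basicConstraints/keyUsage are set explicitly so `openssl verify` accepts it
# as a CA; the [ca] section is what `openssl ca -gencrl` reads later.
make_ca() {
    cat > "$WORK/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = load-test CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = loadtest_ca
[ loadtest_ca ]
database = $WORK/index.txt
crlnumber = $WORK/crlnumber
default_md = sha256
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$WORK/ca.cnf" -extensions v3_ca \
        -keyout "$WORK/CAKEY.pem" -out "$WORK/CACERT.pem" >/dev/null 2>&1
}

# Server key and CSR carrying a subjectAltName, as in the original step 4.
make_csr() {
    cat > "$WORK/req.cnf" <<EOF
[ req ]
distinguished_name = dn
req_extensions = san
prompt = no
[ dn ]
CN = $SRV_NAME
[ san ]
subjectAltName = DNS:$SRV_NAME
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
        -keyout "$WORK/srvkey.pem" -out "$WORK/srv.csr" >/dev/null 2>&1
}

# The original step 4 command plus -extfile. Without it, `openssl x509 -req`
# ignores the extensions in the CSR, so the SAN never reaches the certificate.
sign_csr() {
    printf 'subjectAltName = DNS:%s\n' "$SRV_NAME" > "$WORK/san.ext"
    openssl x509 -req -days 365 -in "$WORK/srv.csr" \
        -CA "$WORK/CACERT.pem" -CAkey "$WORK/CAKEY.pem" -set_serial 01 \
        -extfile "$WORK/san.ext" -out "$WORK/ServCert.pem" >/dev/null 2>&1
}

# The original step 5 command. `openssl ca` needs an index database and a CRL
# number file even for an empty CRL; the [ca] section above points at them.
make_crl() {
    : > "$WORK/index.txt"
    echo 01 > "$WORK/crlnumber"
    openssl ca -config "$WORK/ca.cnf" -gencrl -crldays 30 \
        -keyfile "$WORK/CAKEY.pem" -cert "$WORK/CACERT.pem" \
        -out "$WORK/strcrl.pem" >/dev/null 2>&1
}

# Checks a peer makes before trusting ServCert.pem; each returns 0 on success.
check_chain() {
    openssl verify -CAfile "$WORK/CACERT.pem" "$WORK/ServCert.pem" >/dev/null 2>&1
}
check_san() {
    openssl x509 -noout -text -in "$WORK/ServCert.pem" | grep -q "DNS:$SRV_NAME"
}
check_crl() {
    # Chain check with CRL consultation: the fresh CRL revokes nothing, so the
    # server certificate must still verify against CA + CRL.
    openssl verify -crl_check -CRLfile "$WORK/strcrl.pem" \
        -CAfile "$WORK/CACERT.pem" "$WORK/ServCert.pem" >/dev/null 2>&1
}

make_ca && make_csr && sign_csr && make_crl
check_chain && check_san && check_crl && echo "chain, SAN and CRL checks passed"
```

Running `openssl x509 -noout -text -in ServCert.pem` on the output shows the X509v3 Subject Alternative Name block that the original step 4 command leaves out; dropping `-extfile` from `sign_csr` makes `check_san` fail while `check_chain` still passes, which is exactly the symptom of a certificate that chains correctly but carries no SAN for the peer to match against.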