<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px"><div id="yui_3_16_0_1_1456379109609_5036">Hi,</div><div id="yui_3_16_0_1_1456379109609_5036"><br></div><div id="yui_3_16_0_1_1456379109609_5036">I'm setting up EAP-TTLS-Radius client on StrongSwan5.3.5.</div><div id="yui_3_16_0_1_1456379109609_5036"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">Client(StrongSwan5.3.5) --- authenticator --- TTLS Server/Radius Server(Freeradius2.1.12)</div><div id="yui_3_16_0_1_1456379109609_5036"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">I got the following error when the Client tries to connect.</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=AAA, O=OOO, CN=TEST'</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">I installed certification of the server:</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">ipsec.d/certs/<br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr" class="">/usr/local/etc/ipsec.d# ls certs/</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr" class="">server.pem</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr" class="">When I checked by "ipsec listall", no item about "<span style="font-family: 'Courier New'; white-space: pre-wrap;" id="yui_3_16_0_1_1456379109609_5395" class="">List of X.509 End Entity Certificates"</span> is listed up.</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">Is it wrong about the way to store certificate?</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">Or another reason? (e.g. plugin is not enough)</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">Regards,</div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr"><br></div><div id="yui_3_16_0_1_1456379109609_5036" dir="ltr">Log:</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[TLS] negotiated TLS 1.0 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[TLS] processing TLS Handshake record (708 bytes)</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[TLS] received TLS Certificate handshake (704 bytes)</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[LIB] signature verification:</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=ES, O=ACCV, CN=ACCVRAIZ1'</div><div id="yui_3_16_0_1_1456379109609_5036" class="">Feb 25 14:41:13 tester charon: 05[TLS] buffering 254 bytes, 254 bytes of 530 byte TLS record received</div><div id="yui_3_16_0_1_1456379109609_5036" class="" dir="ltr">Feb 25 14:41:13 tester charon: 05[TLS] sending fatal TLS alert 'access denied'</div></div></body></html>