<div dir="ltr"><div>This is at originator side where we are seeing the issue.. </div><div><br></div><div>~# ipsec listcerts</div><div><br></div><div>List of X.509 End Entity Certificates</div><div><br></div><div> subject: "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20"</div><div> issuer: "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs Device Certification Authority"</div><div> validity: not before Sep 14 16:13:24 2017, ok</div><div> not after Sep 14 16:13:24 2018, ok (expires in 276 days)</div><div> serial: 01:ff:ff:05:e6:e6:20</div><div> authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b</div><div> subjkeyId: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f</div><div> pubkey: RSA 2048 bits, has private key</div><div> keyid: 85:d3:eb:51:9a:a8:1e:f6:ff:14:ee:cc:64:f6:2f:e0:32:99:1b:ce</div><div> subjkey: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 11, 2017 at 4:11 PM, rajeev nohria <span dir="ltr"><<a href="mailto:rajnohria@gmail.com" target="_blank">rajnohria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Let me know if you need more info..</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 11, 2017 at 2:45 PM, rajeev nohria <span dir="ltr"><<a href="mailto:rajnohria@gmail.com" target="_blank">rajnohria@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Please find the key and config. I am using davici so I am printing the configuration from log as commands are executing.<div><br></div><div><div> Load-Connection command </div><div> Section start rpdfc00:cada:c404::200 </div><div> Version is 2 </div><div> Local_addrs is fc00:cada:c404:607::1004 </div><div> remote_addrs is fc00:cada:c404::200 </div><div> local_port is 500 </div><div> remote_port is 500 </div><div> proposals is aes128-sha256-modp2048 </div><div> local section </div><div> auth is pubkey </div><div> RPD ip address is fc00:cada:c404:607::1004 </div><div> id is C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E6:20 </div><div> remote </div><div> id is %any </div><div> auth is pubkey </div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><div class="m_8288709627819427727HOEnZb"><div class="m_8288709627819427727h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 11, 2017 at 10:39 AM, Jafar Al-Gharaibeh <span dir="ltr"><<a href="mailto:jafar@atcorp.com" target="_blank">jafar@atcorp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Can you share your config/secret files ?<span class="m_8288709627819427727m_-4399084978002407852HOEnZb"><font color="#888888"><br>
<br>
--Jafar <br></font></span><div><div class="m_8288709627819427727m_-4399084978002407852h5">
<br>
<br>
<div class="m_8288709627819427727m_-4399084978002407852m_6274109077906184671moz-cite-prefix">On 12/11/2017 9:17 AM, rajeev nohria
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Anyone can help in this issue, I have setup the id
with Subject id. Still have this issue. Is anything else I am
missing?
<div>Thanks,</div>
<div>Rajeev</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 14, 2017 at 12:44 PM,
rajeev nohria <span dir="ltr"><<a href="mailto:rajnohria@gmail.com" target="_blank">rajnohria@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div><br>
</div>
Not sure what is wrong here, Can you let me know if I am
missing something here.
<div><br>
</div>
<div><br>
<div><br>
</div>
<div>
<p class="MsoNormal">16[KNL] creating acquire job for
policy
fc00:cada:c406:607::1001/128[t<wbr>cp/43005] ===
fc00:cada:c406::200/128[tcp/81<wbr>90]
with reqid {2}<span></span></p>
<p class="MsoNormal">2017-11-13
15:58:56,001-HalTransport.py-9<wbr>4-INFO-Start a
agent transport interface, path =
[/tmp/Hal/agent/client/1/push]<span></span></p>
<p class="MsoNormal">15[IKE] initiating IKE_SA
rpdfc00:cada:c406::200[1] to
fc00:cada:c406::200<span></span></p>
<p class="MsoNormal">15[ENC] generating IKE_SA_INIT
request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]<span></span></p>
<p class="MsoNormal">15[NET] sending packet: from
fc00:cada:c406:607::1001[500]
to fc00:cada:c406::200[500] (456 bytes)<span></span></p>
<p class="MsoNormal">10[NET] received packet: from
fc00:cada:c406::200[500] to
fc00:cada:c406:607::1001[500] (453 bytes)<span></span></p>
<p class="MsoNormal">10[ENC] parsed IKE_SA_INIT
response 0 [ SA KE No CERTREQ ]<span></span></p>
<p class="MsoNormal">10[IKE] received cert request for
"C=US, O=CableLabs,
OU=TEST Root CA01, CN=TEST CableLabs Root
Certification Authority"<span></span></p>
<p class="MsoNormal">10[IKE] received 1 cert requests
for an unknown ca<span></span></p>
<p class="MsoNormal">10[IKE] sending cert request for
"C=US, O=CableLabs,
OU=TEST Device CA01, CN=TEST CableLabs Device
Certification Authority"<span></span></p>
<p class="MsoNormal">10[IKE] sending cert request for
"C=US, O=CableLabs,
OU=TEST Root CA01, CN=TEST CableLabs Root
Certification Authority"<span></span></p>
<p class="MsoNormal">10[IKE] no private key found for
'C=US, O=ARRIS Group, Inc.,
OU=DCA Remote Device Certificate,
CN=FF:FF:05:E6:E6:20'<span></span></p>
<p class="MsoNormal">13[KNL] creating delete job for
CHILD_SA
ESP/0x00000000/fc00:cada:c406:<wbr>:200<span></span></p>
<p class="MsoNormal">08[JOB] CHILD_SA
ESP/0x00000000/fc00:cada:c406:<wbr>:200 not
found for delete<span></span></p>
<p class="MsoNormal">06[KNL] creating acquire job for
policy
fc00:cada:c406:607::1001/128[t<wbr>cp/39047] ===
fc00:cada:c406::200/128[tcp/81<wbr>90]
with reqid {2}<span></span></p>
<p class="MsoNormal">16[IKE] initiating IKE_SA
rpdfc00:cada:c406::200[2] to
fc00:cada:c406::200<span></span></p>
<p class="MsoNormal">16[ENC] generating IKE_SA_INIT
request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]<span></span></p>
<p class="MsoNormal">16[NET] sending packet: from
fc00:cada:c406:607::1001[500]
to fc00:cada:c406::200[500] (456 bytes)<span></span></p>
<p class="MsoNormal">11[NET] received packet: from
fc00:cada:c406::200[500] to
fc00:cada:c406:607::1001[500] (453 bytes)<span></span></p>
<p class="MsoNormal">11[ENC] parsed IKE_SA_INIT
response 0 [ SA KE No CERTREQ ]<span></span></p>
<p class="MsoNormal">11[IKE] received cert request for
"C=US, O=CableLabs,
OU=TEST Root CA01, CN=TEST CableLabs Root
Certification Authority"<span></span></p>
<p class="MsoNormal">11[IKE] received 1 cert requests
for an unknown ca<span></span></p>
<p class="MsoNormal">11[IKE] sending cert request for
"C=US, O=CableLabs,
OU=TEST Device CA01, CN=TEST CableLabs Device
Certification Authority"<span></span></p>
<p class="MsoNormal">11[IKE] sending cert request for
"C=US, O=CableLabs,
OU=TEST Root CA01, CN=TEST CableLabs Root
Certification Authority"<span></span></p>
<p class="MsoNormal"><span style="background:yellow">11[IKE]
no private key found for 'C=US, O=ARRIS Group,
Inc., OU=DCA Remote Device
Certificate, CN=FF:FF:05:E6:E6:20</span><span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">root@plnx_aarch64:~# <span style="background:yellow">ip -s xfrm state</span>
<span></span></p>
<p class="MsoNormal">src fc00:cada:c406:607::1001 dst
fc00:cada:c406::200<span></span></p>
<p class="MsoNormal"> proto esp spi
0x00000000(0) reqid 2(0x00000002) mode transport<span></span></p>
<p class="MsoNormal"> replay-window 0
seq 0x00000002 flag (0x00000000)<span></span></p>
<p class="MsoNormal"> anti-replay
context: seq 0x0, oseq 0x0, bitmap 0x00000000<span></span></p>
<p class="MsoNormal"> sel src
fc00:cada:c406:607::1001/128 dst
fc00:cada:c406::200/128 proto tcp sport 39047
dport 8190 uid 0<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(bytes), hard (INF)(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(packets), hard (INF)(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 165(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 16:01:42 use -<span></span></p>
<p class="MsoNormal"> stats:<span></span></p>
<p class="MsoNormal">
replay-wind<span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">root@plnx_aarch64:~# <span style="background:yellow">ip -s xfrm policy</span><span></span></p>
<p class="MsoNormal">src fc00:cada:c406::200/128 dst
fc00:cada:c406:607::1001/128
<span style="background:yellow">proto tcp</span> uid
0<span></span></p>
<p class="MsoNormal"> dir in action
allow index 88 priority 234336 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(bytes), hard (INF)(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(packets), hard (INF)(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 15:58:55 use -<span></span></p>
<p class="MsoNormal"> tmpl src :: dst
::<span></span></p>
<p class="MsoNormal">
proto esp spi 0x00000000(0) reqid 2(0x00000002) mode
transport<span></span></p>
<p class="MsoNormal">
level required share any <span></span></p>
<p class="MsoNormal"> enc-mask
ffffffff auth-mask ffffffff comp-mask ffffffff<span></span></p>
<p class="MsoNormal">src fc00:cada:c406:607::1001/128
dst fc00:cada:c406::200/128
<span style="background:yellow">proto tcp</span> uid
0<span></span></p>
<p class="MsoNormal"> dir out action
allow index 81 priority 234336 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(bytes), hard (INF)(bytes)<span></span></p>
<p class="MsoNormal"> limit:
soft (INF)(packets), hard (INF)(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 15:58:55 use -<span></span></p>
<p class="MsoNormal"> tmpl src :: dst
::<span></span></p>
<p class="MsoNormal">
proto esp spi 0x00000000(0) reqid 2(0x00000002) mode
transport<span></span></p>
<p class="MsoNormal">
level required
share any <span></span></p>
<p class="MsoNormal"> enc-mask
ffffffff auth-mask ffffffff comp-mask ffffffff<span></span></p>
<p class="MsoNormal">src fc00:cada:c406::200/128 dst
fc00:cada:c406:607::1001/<span style="background:yellow">128 proto l2tp</span>
uid 0<span></span></p>
<p class="MsoNormal"> dir in action
allow index 72 priority 234336 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(bytes), hard (INF)(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(packets), hard (INF)(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 15:58:55 use -<span></span></p>
<p class="MsoNormal"> tmpl src :: dst ::<span></span></p>
<p class="MsoNormal">
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode
transport<span></span></p>
<p class="MsoNormal">
level required share any <span></span></p>
<p class="MsoNormal"> enc-mask
ffffffff auth-mask ffffffff comp-mask ffffffff<span></span></p>
<p class="MsoNormal">src fc00:cada:c406:607::1001/128
dst fc00:cada:c406::200/128
<span style="background:yellow">proto l2tp</span>
uid 0<span></span></p>
<p class="MsoNormal"> dir out action
allow index 65 priority 234336 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(bytes), hard (INF)(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft (INF)(packets), hard (INF)(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 15:58:55 use -<span></span></p>
<p class="MsoNormal"> tmpl src :: dst
::<span></span></p>
<p class="MsoNormal">
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode
transport<span></span></p>
<p class="MsoNormal">
level required share any <span></span></p>
<p class="MsoNormal"> enc-mask
ffffffff auth-mask ffffffff comp-mask ffffffff<span></span></p>
<p class="MsoNormal">src <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
dst <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> uid 0<span></span></p>
<p class="MsoNormal"> socket in action
allow index 59 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
dst <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> uid 0<span></span></p>
<p class="MsoNormal"> socket out action
allow index 52 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
dst <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> uid 0<span></span></p>
<p class="MsoNormal"> socket in action
allow index 43 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
dst <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> uid 0<span></span></p>
<p class="MsoNormal"> socket out action
allow index 36 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src ::/0 dst ::/0 uid 0<span></span></p>
<p class="MsoNormal"> socket in action
allow index 27 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src ::/0 dst ::/0 uid 0<span></span></p>
<p class="MsoNormal"> socket out action
allow index 20 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use -<span></span></p>
<p class="MsoNormal">src ::/0 dst ::/0 uid 0<span></span></p>
<p class="MsoNormal"> socket in action
allow index 11 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal"> limit:
soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use 2017-11-13 16:04:42<span></span></p>
<p class="MsoNormal">src ::/0 dst ::/0 uid 0<span></span></p>
<p class="MsoNormal"> socket out action
allow index 4 priority 0 share any flag
(0x00000000)<span></span></p>
<p class="MsoNormal"> lifetime config:<span></span></p>
<p class="MsoNormal">
limit: soft 0(bytes), hard 0(bytes)<span></span></p>
<p class="MsoNormal">
limit: soft 0(packets), hard 0(packets)<span></span></p>
<p class="MsoNormal">
expire add: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal">
expire use: soft 0(sec), hard 0(sec)<span></span></p>
<p class="MsoNormal"> lifetime current:<span></span></p>
<p class="MsoNormal">
0(bytes), 0(packets)<span></span></p>
<p class="MsoNormal"> add
2017-11-13 18:46:13 use 2017-11-13 16:04:30<span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">################# Certificates
######################<span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">v --in <b>privKey.pem</b><span></span></p>
<p class="MsoNormal"> privkey: RSA 2048 bits<span></span></p>
<p class="MsoNormal"> keyid:
85:d3:eb:51:9a:a8:1e:f6:ff:14:<wbr>ee:cc:64:f6:2f:e0:32:99:1b:ce<span></span></p>
<p class="MsoNormal"> subjkey:
71:83:c0:b4:3e:40:06:f1:e5:30:<wbr>d2:14:2c:82:e7:76:13:37:f4:6f<span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# pki
--print --type x509 --in <b>Dcert.pem</b><span></span></p>
<p class="MsoNormal"> opening 'Dcert.pem' failed: No
such file or directory<span></span></p>
<p class="MsoNormal">building CRED_CERTIFICATE - X509
failed, tried 4 builders<span></span></p>
<p class="MsoNormal">parsing input failed<span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# pki
--print --type x509 --in
DCert.pem <span></span></p>
<p class="MsoNormal"> subject: "C=US, O=ARRIS Group,
Inc.,
OU=DCA Remote Device Certificate,
CN=FF:FF:05:E6:E6:20"<span></span></p>
<p class="MsoNormal"> issuer: "C=US, O=CableLabs,
OU=TEST
Device CA01, CN=TEST CableLabs Device Certification
Authority"<span></span></p>
<p class="MsoNormal"> validity: not before Sep 14
16:13:24 2017, ok<span></span></p>
<p class="MsoNormal">
not after Sep 14 16:13:24 2018, ok (expires in 305
days)<span></span></p>
<p class="MsoNormal"> serial: 01:ff:ff:05:e6:e6:20<span></span></p>
<p class="MsoNormal"> authkeyId:
f6:dc:40:8a:89:b6:7b:7a:08:f6:<wbr>78:b5:4a:28:7a:7f:57:9b:f9:9b<span></span></p>
<p class="MsoNormal"> subjkeyId:
71:83:c0:b4:3e:40:06:f1:e5:30:<wbr>d2:14:2c:82:e7:76:13:37:f4:6f<span></span></p>
<p class="MsoNormal"> pubkey: RSA 2048 bits<span></span></p>
<p class="MsoNormal"> keyid:
85:d3:eb:51:9a:a8:1e:f6:ff:14:<wbr>ee:cc:64:f6:2f:e0:32:99:1b:ce<span></span></p>
<p class="MsoNormal"> subjkey:
71:83:c0:b4:3e:40:06:f1:e5:30:<wbr>d2:14:2c:82:e7:76:13:37:f4:6f<span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# <span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# <span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# <span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# pki
--print --type x509 --in <b>DMCert.pem</b><span></span></p>
<p class="MsoNormal"> subject: "C=US, O=CableLabs,
OU=TEST
Device CA01, CN=TEST CableLabs Device Certification
Authority"<span></span></p>
<p class="MsoNormal"> issuer: "C=US, O=CableLabs,
OU=TEST
Root CA01, CN=TEST CableLabs Root Certification
Authority"<span></span></p>
<p class="MsoNormal"> validity: not before Dec 09
23:08:49 2014, ok<span></span></p>
<p class="MsoNormal">
not after Dec 09 23:08:49
2049, ok (expires in 11714 days)<span></span></p>
<p class="MsoNormal"> serial:
a0:16:bc:73:85:0e:65:37<span></span></p>
<p class="MsoNormal"> altNames: CN=SYMC-3072-5<span></span></p>
<p class="MsoNormal"> flags: CA CRLSign <span></span></p>
<p class="MsoNormal"> pathlen: 0<span></span></p>
<p class="MsoNormal"> authkeyId:
89:62:79:3d:b4:07:c9:f3:c6:97:<wbr>59:dd:b6:dc:65:0b:33:54:ff:fb<span></span></p>
<p class="MsoNormal"> subjkeyId:
f6:dc:40:8a:89:b6:7b:7a:08:f6:<wbr>78:b5:4a:28:7a:7f:57:9b:f9:9b<span></span></p>
<p class="MsoNormal"> pubkey: RSA 3072 bits<span></span></p>
<p class="MsoNormal"> keyid:
b7:98:32:e4:ae:30:02:57:f7:ad:<wbr>cb:2b:37:41:17:9c:1b:9d:79:28<span></span></p>
<p class="MsoNormal"> subjkey:
f6:dc:40:8a:89:b6:7b:7a:08:f6:<wbr>78:b5:4a:28:7a:7f:57:9b:f9:9b<span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# ls<span></span></p>
<p class="MsoNormal">DCert.pem
DMCertTemp.der privKey.pem<span></span></p>
<p class="MsoNormal">DCertTemp.der
DRCert.pem privKeyTemp.der<span></span></p>
<p class="MsoNormal">DMCert.pem
DRCertTemp.der privKeyTemp1.der<span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# pki
--print --type x509 --in <b>DRCert.pem</b>
<span></span></p>
<p class="MsoNormal"> subject: "C=US, O=CableLabs,
OU=TEST
Root CA01, CN=TEST CableLabs Root Certification
Authority"<span></span></p>
<p class="MsoNormal"> issuer: "C=US, O=CableLabs,
OU=TEST
Root CA01, CN=TEST CableLabs Root Certification
Authority"<span></span></p>
<p class="MsoNormal"> validity: not before Nov 11
17:19:44 2014, ok<span></span></p>
<p class="MsoNormal">
not after Nov 11 17:19:44 2064, ok (expires in
17165 days)<span></span></p>
<p class="MsoNormal"> serial:
b1:b0:d3:be:83:ee:bf:e3<span></span></p>
<p class="MsoNormal"> altNames: CN=MPKI-4096-1-206<span></span></p>
<p class="MsoNormal"> flags: CA CRLSign
self-signed
<span></span></p>
<p class="MsoNormal"> subjkeyId:
89:62:79:3d:b4:07:c9:f3:c6:97:<wbr>59:dd:b6:dc:65:0b:33:54:ff:fb<span></span></p>
<p class="MsoNormal"> pubkey: RSA 4096 bits<span></span></p>
<p class="MsoNormal"> keyid:
bd:0e:4c:0f:21:cf:f0:49:af:19:<wbr>34:3b:c2:64:c5:31:a1:2e:11:07<span></span></p>
<p class="MsoNormal"> subjkey:
89:62:79:3d:b4:07:c9:f3:c6:97:<wbr>59:dd:b6:dc:65:0b:33:54:ff:fb<span></span></p>
<p class="MsoNormal">root@plnx_aarch64:/var/priv# <span></span></p>
<p class="MsoNormal"><span> </span></p>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>