<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">I’m generating an ecdsa server cert but am getting the following errors.. I’ve built with openssl.. what am I missing?</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""># swanctl --load-creds</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class="">loaded certificate from '/etc/swanctl/x509/vpnserver.crt'</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">loaded certificate from '/etc/swanctl/x509/vpnserver1.crt'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><b class="">building CRED_PRIVATE_KEY - ANY failed, tried 4 builders</b></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">loaded private key from '/etc/swanctl/private/vpnserver.key'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">loaded rsa key from '/etc/swanctl/private/vpnserver1.key’</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; line-height: normal; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">List of X.509 End Entity Certificates</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal; min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> subject: "CN=vpnserver1"</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> issuer: "CN=Vivace Root CA"</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> validity: not before May 15 07:00:32 2018, ok</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> not after Jun 14 07:00:32 2019, ok (expires in 394 days)</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> serial: c2:79:0c:c6:8b:27:50:6c</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> altNames: vpnserver1, 35.177.138.182</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> flags: serverAuth ikeIntermediate </span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> OCSP URIs: <a href="http://127.0.0.1:2560" class="">http://127.0.0.1:2560</a></span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> authkeyId: ff:4e:05:ee:8a:b3:d7:24:62:96:78:9a:b6:f0:51:82:b4:8f:f9:50</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> subjkeyId: d8:12:51:d5:a8:6c:d1:f3:f4:6e:77:d0:79:51:bc:1f:56:a3:0a:5e</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> pubkey: RSA 2048 bits, has private key</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> keyid: 6b:2a:e9:4f:82:d7:d1:cd:b4:3d:71:56:d9:90:62:1f:1a:c9:3a:a2</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> subjkey: d8:12:51:d5:a8:6c:d1:f3:f4:6e:77:d0:79:51:bc:1f:56:a3:0a:5e</span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">building CRED_CERTIFICATE - X509 failed, tried 3 builders</b></span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><b class="">parsing certificate failed</b></span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="font-family: Menlo; font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures;" class=""><font face="Menlo" class=""><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">openssl req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes \</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">-subj "/CN=vpnserver" \</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">-keyout /ca/private/vpnserver.key -out /ca/requests/vpnserver.csr</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><br class=""></div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">openssl ca -config /ca/openssl.cnf -create_serial -days 395 \</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">-keyfile /ca/private/ca.key -cert /ca/ca.crt -passin pass:"${CAKEYPSWD}" \</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">-in /ca/requests/vpnserver.csr -notext \</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">-extfile <(cat <<EOF</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">basicConstraints = CA:false</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">subjectKeyIdentifier = hash</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">authorityKeyIdentifier = keyid,issuer</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">authorityInfoAccess = OCSP;URI:<a href="http://127.0.0.1:2560" class="">http://127.0.0.1:2560</a></div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">extendedKeyUsage = serverAuth, ikeIntermediate</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">subjectAltName = DNS:vpnserver</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">EOF</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class="">)</div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><br class=""></div><div style="font-size: 11px; margin: 0px; font-stretch: normal; line-height: normal;" class=""><br class=""></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class="">./configure --prefix=/usr --sysconfdir=/etc \</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class=""> --enable-systemd --enable-swanctl \</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class=""> --disable-charon --disable-stroke --disable-scepclient \</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class=""> --enable-eap-identity --enable-eap-mschapv2 --enable-md4 \</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class=""> --enable-eap-tls --enable-eap-dynamic \</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-size: 11px;" class=""> --enable-curl --enable-gcm --enable-openssl</span></div></div></font></span></div></span></div></body></html>