[strongSwan-dev] certificate issue

Aaron Zhang azhang at SonicWALL.com
Tue Mar 30 12:06:41 CEST 2010

Hi All,
When I launched the strongswan as the following command, it displayed some failures about certificates. I used openssl to generate the CA and certificates. I am very sure the certificates are correct. But strongswan told me it can not load the ca. Anyone can give me some help?
[root at Aaron Aaron]# ipsec restart --nofork
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 4.3.6 IPsec [starter]...
00[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.6)
00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 2 builders
00[CFG]   loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' failed
00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 2 builders
00[CFG]   loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed
00[CFG]   loaded EAP secret for aaron
00[DMN] loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke eap-mschapv2 eap-identity eap-md5 updown
00[JOB] spawning 16 worker threads
charon (4707) started after 20 ms


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100330/42d31509/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2310 bytes
Desc: image001.gif
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100330/42d31509/attachment.gif>

More information about the Dev mailing list