[strongSwan-dev] certificate issue

Martin Willi martin at strongswan.org
Tue Mar 30 13:39:23 CEST 2010

Hi Aaron,

> loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' failed

> loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed

> loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
>                 stroke eap-mschapv2 eap-identity eap-md5 updown 

You are missing the "pem" plugin to decode PEM encoded files, and the
pkcs1 plugin to parse PKCS#1 encoded private/public keys.

If you disabled them during ./configure, you'll have to rebuild
strongSwan with them enabled. Do a "make clean" to rebuild them

If you have manually specified a plugin list, add the pem and pkcs1
plugins before loading the stroke plugin. We recommend to not set a
plugin load list manually, it is tricky to get it right.


More information about the Dev mailing list