[strongSwan-dev] certificate issue

Aaron Zhang azhang at SonicWALL.com
Tue Mar 30 14:13:03 CEST 2010

Thanks Martin. Now it can work. 
Since I want to use eap feature, I load the eap plugins manually. 
Are there any ways to use eap without loading eap plugins manually?


-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: 2010年3月30日 19:39
To: Aaron Zhang
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] certificate issue

Hi Aaron,

> loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' failed

> loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed

> loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
>                 stroke eap-mschapv2 eap-identity eap-md5 updown 

You are missing the "pem" plugin to decode PEM encoded files, and the
pkcs1 plugin to parse PKCS#1 encoded private/public keys.

If you disabled them during ./configure, you'll have to rebuild
strongSwan with them enabled. Do a "make clean" to rebuild them

If you have manually specified a plugin list, add the pem and pkcs1
plugins before loading the stroke plugin. We recommend to not set a
plugin load list manually, it is tricky to get it right.


More information about the Dev mailing list