[strongSwan-dev] certificate issue
Aaron Zhang
azhang at SonicWALL.com
Tue Mar 30 14:13:03 CEST 2010
Thanks Martin. Now it can work.
Since I want to use eap feature, I load the eap plugins manually.
Are there any ways to use eap without loading eap plugins manually?
--Aaron
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: 2010年3月30日 19:39
To: Aaron Zhang
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] certificate issue
Hi Aaron,
> loading ca certificate from '/usr/local/etc/ipsec.d/cacerts/Aaron-CA.pem' failed
> loading private key from '/usr/local/etc/ipsec.d/private/vpnKey.key' failed
> loaded plugins: aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509
> stroke eap-mschapv2 eap-identity eap-md5 updown
You are missing the "pem" plugin to decode PEM encoded files, and the
pkcs1 plugin to parse PKCS#1 encoded private/public keys.
If you disabled them during ./configure, you'll have to rebuild
strongSwan with them enabled. Do a "make clean" to rebuild them
properly.
If you have manually specified a plugin list, add the pem and pkcs1
plugins before loading the stroke plugin. We recommend to not set a
plugin load list manually, it is tricky to get it right.
Regards
Martin
More information about the Dev
mailing list