[strongSwan-dev] simple RSA authentication w/o CA
Martin Willi
martin at strongswan.org
Mon Feb 4 16:52:31 CET 2013
> the public key is entered as text (RFC 3110 DNSKEY format) in the
> left|rightrsasigkey.
> charon: 13[LIB] building CRED_PUBLIC_KEY - RSA failed, tried 3 builders
> charon: 13[CFG] loading RSA public key for "<leftid>" failed
Loading the public key fails for some reason. Have you built and enabled
both the dnskey and the pubkey plugins? These are required to load raw
public keys.
> charon: 04[IKE] no private key found for '<leftid>'
This is just a consequence of the failure above. The daemon needs a
certificate (or a public key loaded with a leftid) to find a private key
for a given identity.
> <leftid> : RSA <leftid>.pem
This doesn't help, as charon does not depend on/respect the identities
assigned to a private key.
Alternatively, you can try to specify a path to the (PEM or DER encoded)
public key in left/rightrsasigkey. This way you don't need RFC 3110
encoded keys.
Regards
Martin
More information about the Dev
mailing list