[strongSwan] Wildcard certificates

Andreas Steffen andreas.steffen at strongswan.org
Wed Jul 7 12:43:03 CEST 2010


Hello Claude,

as far as I know strongSwan does not treat '*' in the subject
Distinguished Name as a wildcard in comparisons with an IKEv2 ID.

strongSwan rather treats a '*' in an IKEv2 ID as a wildcard in
comparisons with IDs contained in a certificate.

Regards

Andreas

On 07.07.2010 10:39, Claude Tompers wrote:
> Hello,
> 
> I'm trying to make strongswan work with our wildcard certificate, but I'm getting a strange error.
> 
> Here's my log :
> 
> Jul  7 10:34:08 vpn6-test charon: 12[CFG]   id 'vpn6-pub.restena.lu' not confirmed by certificate, defaulting to 'C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu'
> 
> So far I think this is not a problem, but then :
> 
> Jul  7 10:34:18 vpn6-test charon: 10[IKE] no private key found for 'C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu'
> 
> The wildcard certificate works perfectly on other servers.
> I installed the certificate exactly the same way as my self-signed before. That one worked perfectly.
> 
> Is it possible that the "/" or the "*" characters make some issues?
> 
> thanks a lot in advance
> 
> kind regards
> Claude

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
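
Added example (not part of the original message and not strongSwan code): a simplified Python model of the matching direction described in the reply, using the subject DN from the quoted log. The function names, the constructed host certificate subject, and the wildcard forms modelled here (a whole RDN value of '*', or a leading '*' on a name) are assumptions made for illustration.

```python
# Simplified model of directional wildcard matching between a configured
# IKEv2 ID and the identities found in a certificate. Assumption: '*' is
# honoured only on the IKEv2 ID side; on the certificate side it is literal.

# Subject DN taken from the log quoted in the thread.
WILDCARD_CERT_SUBJECT = "C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu"
# Constructed sample: subject of a hypothetical per-host certificate.
HOST_CERT_SUBJECT = "C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=vpn6-pub.restena.lu"


def parse_dn(dn):
    """Split 'C=LU, O=Org, CN=x' into [(type, value), ...] (no escaped commas)."""
    rdns = []
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns


def is_dn(identity):
    return "=" in identity


def id_matches(ike_id, cert_id):
    """True if the IKEv2 ID accepts cert_id; wildcards count only in ike_id."""
    if is_dn(ike_id) != is_dn(cert_id):
        return False  # a host name never matches a Distinguished Name
    if is_dn(ike_id):
        want, have = parse_dn(ike_id), parse_dn(cert_id)
        if len(want) != len(have):
            return False
        return all(wk == hk and (wv == "*" or wv == hv)
                   for (wk, wv), (hk, hv) in zip(want, have))
    if ike_id.startswith("*"):
        suffix = ike_id[1:].lower()
        return len(cert_id) > len(suffix) and cert_id.lower().endswith(suffix)
    return ike_id.lower() == cert_id.lower()


def confirmed_by_certificate(ike_id, cert_ids):
    """Model of the 'id ... confirmed by certificate' decision."""
    return any(id_matches(ike_id, cert_id) for cert_id in cert_ids)


if __name__ == "__main__":
    # The situation from the log: a host-name ID against the wildcard certificate.
    print(confirmed_by_certificate("vpn6-pub.restena.lu", [WILDCARD_CERT_SUBJECT]))
    # The supported direction: the wildcard sits in the IKEv2 ID.
    print(confirmed_by_certificate("*.restena.lu", ["vpn6-pub.restena.lu"]))
```

In this model the first call returns False, which corresponds to the "not confirmed by certificate" log line, and the second returns True.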
