[strongSwan] Wildcard certificates

Claude Tompers claude.tompers at restena.lu
Fri Jul 9 15:09:45 CEST 2010


Oops, sometimes I forget the most evident things.
I forgot to put the keyfile into the ipsec.secrets.
My bad, so sorry.

kind regards,
Claude


On Wednesday 07 July 2010 13:06:11 Claude Tompers wrote:
> Hello Stefan,
> 
> Ok, in that case the IKEv2 ID is not that important, but why can't it find the key for the default DN 'C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu' ?
> 
> kind regards
> Claude
> 
> 
> On Wednesday 07 July 2010 12:43:03 Andreas Steffen wrote:
> > Hello Claude,
> > 
> > as far as I know strongSwan does not treat '*' in the subject
> > Distinguished Name as a wildcard in comparisons with an IKEv2 ID.
> > 
> > strongSwan rather treats a '*' in an IKEv2 ID as a wildcard in
> > comparisons with IDs contained in a certificate.
> > 
> > Regards
> > 
> > Andreas
> > 
> > On 07.07.2010 10:39, Claude Tompers wrote:
> > > Hello,
> > > 
> > > I'm trying to make strongswan work with our wildcard certificate, but I'm getting a strange error.
> > > 
> > > Here's my log :
> > > 
> > > Jul  7 10:34:08 vpn6-test charon: 12[CFG]   id 'vpn6-pub.restena.lu' not confirmed by certificate, defaulting to 'C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu'
> > > 
> > > So far I think this is not a problem, but then :
> > > 
> > > Jul  7 10:34:18 vpn6-test charon: 10[IKE] no private key found for 'C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=*.restena.lu'
> > > 
> > > The wildcard certificate works perfectly on other servers.
> > > I installed the certificate exactly the same way as my self-signed before. That one worked perfectly.
> > > 
> > > Is it possible that the "/" or the "*" characters cause some issues?
> > > 
> > > thanks a lot in advance
> > > 
> > > kind regards
> > > Claude
> > 
> > ======================================================================
> > Andreas Steffen                         andreas.steffen at strongswan.org
> > strongSwan - the Linux VPN Solution!                www.strongswan.org
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil
> > CH-8640 Rapperswil (Switzerland)
> > ===========================================================[ITA-HSR]==
> > 
> > 
> 
> 

-- 
Claude Tompers
Network and systems engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
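
The fix reported at the top of this thread, as an added example that is not part of the original messages: a check that ipsec.secrets actually references a private-key file, the omission that led to charon's "no private key found" message here. The file name wildcardKey.pem, the sample contents and the /etc/ipsec.d/private base directory are assumptions, not values from the thread.

```python
import os
import re

# Assumed layout (not stated in the thread): relative key paths in
# ipsec.secrets resolve against this directory.
PRIVATE_DIR = "/etc/ipsec.d/private"

# Matches ': RSA key.pem' or ': ECDSA "key.pem"', with optional selectors
# before the colon. The colon must start the line or follow whitespace, so
# IPv6 selectors such as 2001:db8::1 are not mistaken for the separator.
KEY_ENTRY = re.compile(r'(?:^|\s):\s*(RSA|ECDSA)\s+(?:"([^"]+)"|(\S+))')


def key_files(secrets_text, private_dir=PRIVATE_DIR):
    """Return resolved paths of all private-key files the text references."""
    paths = []
    for line in secrets_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = KEY_ENTRY.search(line)
        if m:
            name = m.group(2) or m.group(3)
            paths.append(name if os.path.isabs(name)
                         else os.path.join(private_dir, name))
    return paths


def diagnose(secrets_text, exists=os.path.exists):
    """Classify the configuration: 'no-key-entry', 'missing-file' or 'ok'."""
    paths = key_files(secrets_text)
    if not paths:
        return "no-key-entry"      # the situation described in this thread
    if not all(exists(p) for p in paths):
        return "missing-file"      # entry present, file not on disk
    return "ok"


# Constructed samples; the file name wildcardKey.pem is hypothetical.
BEFORE = '# ipsec.secrets\n192.0.2.1 : PSK "example"\n'
AFTER = BEFORE + ': RSA wildcardKey.pem\n'

if __name__ == "__main__":
    print(diagnose(BEFORE), diagnose(AFTER, exists=lambda p: True))
```

This only confirms that a key entry exists and its file is present; it does not verify that the key belongs to the certificate.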