[strongSwan] charon: 11[IKE] no private key found for 'bla-bla-bla'
danielml+mailinglists.strongswan at sent.com
Thu Jun 3 12:22:59 CEST 2010
> Connection stop with "charon: 11[IKE] no private key found for..." followed by gateway's cert ID.
> Private gateway's key is in /etc/ipsec.d/private/gw.superprime.ru-key.pem and not encrypted.
> Looks like strongswan didn't "see" private key gw.superprime.ru-key.pem.
Putting your private key in /etc/ipsec.d/private/ is not enough. You
also need to tell strongSwan about this key in /etc/ipsec.secrets. Check out
You have to include something like
: RSA moonKey.pem
Note that strongSwan is picky about the exact format of this file. Don't
forget the space character between ":" and "RSA".
Run "ipsec listcerts". It should output something like
issuer: "CN=Example CA, E=ca at example.com"
validity: not before Sep 26 22:45:53 2009, ok
not after Sep 25 22:45:53 2012, ok
pubkey: RSA 1024 bits, has private key
Watch out for "has private key". This tells you whether strongSwan was
able to read the corresponding private key.
Does that answer your question?
More information about the Users