[strongSwan] Private key not found

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 22 11:49:18 CEST 2010


Hi Shane,

the first output comes from the IKEv1 pluto daemon who
finds the matching private key whereas the second output
is from the IKEv2 charon daemon who fails in finding the
private key. If you disable the pluto daemon by setting

config setup
     plutostart=no

in ipsec.conf then you won't get these duplicate outputs.

Returning to your problem:

- Which strongSwan version are you using?

- Is your private key encrypted by a password?

- Are there any error messages in your log if you type
   ipsec rereadsecrets

Regards

Andreas

22.06.2010 11:29, Shane W wrote:
> Hey all,
>
> I have done some archive searching on this one and previous
> issues have either been with ipsec.secrets providing the
> right password or key not matching cert issues. However, I
> have checked these things and am still getting this
> message.
>
> Jun 22 02:10:32 li01 charon: 14[IKE] no private key found
> for 'C=CA, ST=British Columbia, O=Continuum Systems,
> CN=li01.csy.ca'
>
> And yet, an ipsec listcerts shows that the cert has the
> private key the first time round but in the endpoint list,
> it doesn't. Why is the key being listed twice here?
>
> li01:~# ipsec listcerts
> 000
> 000 List of X.509 End Certificates:
> 000
> 000 Jun 22 02:20:59 2010, count: 1
> 000        subject:  'C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca'
> 000        issuer:   'C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA'
> 000        serial:    02
> 000        validity:  not before Jun 22 02:08:43 2010 ok
> 000                   not after  Jun 19 02:08:43 2020 ok
> 000        pubkey:    RSA 2048 bits, has private key
> 000        keyid:     09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
> 000        subjkey:   32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
> 000        authkey:   0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>
> List of X.509 End Entity Certificates:
>
>    subject:  "C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca"
>    issuer:   "C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA"
>    serial:    02
>    validity:  not before Jun 22 02:08:43 2010, ok
>               not after  Jun 19 02:08:43 2020, ok
>    pubkey:    RSA 2048 bits
>    keyid:     09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
>    subjkey:   32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
>    authkey:   0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>
> Any help greatly appreciated,
> Shane

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100622/cbb42b90/attachment.bin>


More information about the Users mailing list