[strongSwan] Private key not found
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jun 22 11:49:18 CEST 2010
Hi Shane,
the first output comes from the IKEv1 pluto daemon who
finds the matching private key whereas the second output
is from the IKEv2 charon daemon who fails in finding the
private key. If you disable the pluto daemon by setting
config setup
plutostart=no
in ipsec.conf then you won't get these duplicate outputs.
Returning to your problem:
- Which strongSwan version are you using?
- Is your private key encrypted by a password?
- Are there any error messages in your log if you type
ipsec rereadsecrets
Regards
Andreas
22.06.2010 11:29, Shane W wrote:
> Hey all,
>
> I have done some archive searching on this one and previous
> issues have either been with ipsec.secrets providing the
> right password or key not matching cert issues. However, I
> have checked these things and am still getting this
> message.
>
> Jun 22 02:10:32 li01 charon: 14[IKE] no private key found
> for 'C=CA, ST=British Columbia, O=Continuum Systems,
> CN=li01.csy.ca'
>
> And yet, an ipsec listcerts shows that the cert has the
> private key the first time round but in the endpoint list,
> it doesn't. Why is the key being listed twice here?
>
> li01:~# ipsec listcerts
> 000
> 000 List of X.509 End Certificates:
> 000
> 000 Jun 22 02:20:59 2010, count: 1
> 000 subject: 'C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca'
> 000 issuer: 'C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA'
> 000 serial: 02
> 000 validity: not before Jun 22 02:08:43 2010 ok
> 000 not after Jun 19 02:08:43 2020 ok
> 000 pubkey: RSA 2048 bits, has private key
> 000 keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
> 000 subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
> 000 authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>
> List of X.509 End Entity Certificates:
>
> subject: "C=CA, ST=British Columbia, O=Continuum Systems, CN=li01.csy.ca"
> issuer: "C=CA, ST=British Columbia, L=Vancouver, O=Continuum Systems, CN=li01 CA"
> serial: 02
> validity: not before Jun 22 02:08:43 2010, ok
> not after Jun 19 02:08:43 2020, ok
> pubkey: RSA 2048 bits
> keyid: 09:c2:ed:6b:83:fc:99:1d:dc:ba:8d:68:9c:dc:4d:bd:68:a7:ab:4b
> subjkey: 32:83:42:5c:1a:d7:96:42:e7:73:45:dc:d7:b4:7c:02:f3:8f:41:6c
> authkey: 0d:33:d4:3b:fd:a8:40:03:88:ad:65:ba:dd:f6:57:50:72:b5:90:f2
>
> Any help greatly appreciated,
> Shane
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100622/cbb42b90/attachment.bin>
More information about the Users
mailing list