[strongSwan] need help for host2host-cert setup
Abbhishek Misra
abhishekfishy2000 at gmail.com
Mon Mar 29 08:35:56 CEST 2010
Hello All, Andres,
I did a fresh start and got stuck at "could not parse loaded certificate file '/etc/ipsec.d/cacerts/cacert.pem'".
I used openssl instead of CA.sh:
openssl req -x509 -newkey rsa:2048 -keyout private/cakey.pem -out cacerts/cacert.pem
openssl req -newkey rsa:2048 -keyout private/maikaKey.pem -out reqs/maikaReq.pem
openssl ca -in reqs/maikaReq.pem -out certs/maikaCert.pem -cert /etc/ipsec.d/cacerts/cacert.pem
Following are the messages when I reread the CA certificates:
Mar 29 16:57:25 plm61 charon: 12[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Mar 29 16:57:25 plm61 charon: 12[LIB] failed to create a builder for credential type CRED_PUBLIC_KEY, subtype (0)
Mar 29 16:57:25 plm61 charon: 12[LIB] could not parse loaded certificate file '/etc/ipsec.d/cacerts/cacert.pem'
Mar 29 16:57:25 plm61 charon: 12[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1)
I fixed openssl.cnf as suggested.
Here is my /etc/ssl/openssl.cnf: http://pastebin.com/DeUdKNfx
The secrets file looks like this:
cat /etc/ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA maikaKey.pem "password"
: RSA cakey.pem "password"
This is my /etc/ipsec.conf: http://pastebin.com/VPcG7iVR
I used all the reread commands and ipsec restart.
On ipsec restart I get the following:
Mar 29 17:23:16 plm61 ipsec_starter[5687]: charon (5688) started after 20 ms
Mar 29 17:23:16 plm61 charon: 03[CFG] received stroke: add connection 'host-host'
Mar 29 17:23:16 plm61 charon: 03[LIB] failed to create a builder for credential type CRED_PUBLIC_KEY, subtype (0)
Mar 29 17:23:16 plm61 charon: 03[LIB] could not parse loaded certificate file '/etc/ipsec.d/certs/maikaCert.pem'
Mar 29 17:23:16 plm61 charon: 03[LIB] failed to create a builder for credential type CRED_CERTIFICATE, subtype (1)
Mar 29 17:23:16 plm61 charon: 03[CFG] added configuration 'host-host'
regards
Abhishek