[strongSwan] Errors establishing connection

Martin Willi martin at strongswan.org
Tue Apr 17 16:53:49 CEST 2012


Hi,

> I use pre-shared keys.

Looks more like you're using certificates?

> sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
> sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"

> received cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
> received cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"

> received end entity cert "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"

Hm, I really don't see what's going on here. Is this all the same
certificate, or did you generate different certificates with all the
same subject?

> using trusted certificate "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
> signature validation failed, looking for another key
>    using certificate "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
>    using trusted ca certificate "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
>    reached self-signed root ca with a path length of 0
> authentication of 'C=AU, ST=Some-State, O=Internet Widgits Pty Ltd' with RSA signature successful

I'd recommend to generate certificates with unique names, helps a lot in
debugging.

> constraint check failed: peer not authenticated with peer cert 'C=AU, ST=Some-State, O=Internet Widgits Pty Ltd'.

This means that the certificate the peer used for authentication does
not match the one you configured with rightcert. Probably it used
another certificate with the same subject?

Kind Regards
Martin





More information about the Users mailing list