[strongSwan] Problem to read private key - x509
frr8rrf at gmail.com
Mon Mar 5 19:42:48 CET 2012
Hi Andreas, thank you for the information.
I reviewed the files and did find some errors in
ipsec.secrets: I forgot to change the name of the key file.
But after correcting the error, another message appears in the log:
Mar 5 14:45:11 opensuse2-vm charon: 00[CFG] loading secrets from
Mar 5 14:45:11 opensuse2-vm charon: 00[LIB] L1 - version: *ASN1 tag 0x02
expected, but is 0x30*
Mar 5 14:45:11 opensuse2-vm charon: 00[LIB] building CRED_PRIVATE_KEY -
RSA failed, tried 10 builders
Mar 5 14:45:11 opensuse2-vm charon: 00[CFG] loading private key from
I found email messages (
the same subject, but I'm confused about the correct format of the file (key
and certificate): is it .der or .pem?
The certificate files were generated as .pem and have this format (below):
opensuse2-vm:~/certs # cat 198key.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
and the ipsec.secrets:
opensuse2-vm:/etc # cat ipsec.secrets
: RSA 198key.pem "thekey"
I want to mention the way I generated the cert:
Is it correct? Or do I need to use openssl to generate the certs?
Thank you !
On March 5, 2012 at 11:50, Andreas Steffen <andreas.steffen at strongswan.org
> Hi Leandro,
> either the syntax in your private key file is not correct or
> the key file is encrypted and you didn't specify the passphrase
> in /etc/ipsec.secrets.
> : RSA 198key.pem "<passphrase>"
> You can increase the debug level to
> charondebug="lib 4"
> and check for additional error messages in the log file.
> On 05.03.2012 15:31, Leandro . wrote:
> > Hi,
> > I've created the certificates x509 in /root/certs, after this, I've
> > copied the certificate to /etc/ipsec.d/certs and the private key to
> > /etc/ipsec.d/private.
> > However, there is a problem to load the private key:
> > 00[CFG] loading private key from '/etc/ipsec.d/private/198key.pem'
> > My question: how can I force strongswan to read the private key in this
> > directory ?
> > Or clean some information, to read a new file?
> > I did ipsec rereadall, rereadcacerts, but didn't work.
> > Thank you.
> > --
> > *Jefferson Leandro*
> > *Curitiba - BR*
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
*Curitiba - BR*
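
The log in this message reports ASN.1 tag 0x30 where 0x02 was expected, and the key file carries the `ENCRYPTED PRIVATE KEY` label: a PKCS#1 RSAPrivateKey starts with an INTEGER version (0x02), while a PKCS#8 EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier SEQUENCE (0x30). The following is an added example, not part of the original thread or of strongSwan, that classifies a PEM key file by its label and first inner tag; the function names and sample blocks are constructed for illustration.

```python
import base64
import re

# PEM label -> (container it announces, whether the body is encrypted)
LABELS = {
    "RSA PRIVATE KEY": ("PKCS#1 RSAPrivateKey", False),
    "PRIVATE KEY": ("PKCS#8 PrivateKeyInfo", False),
    "ENCRYPTED PRIVATE KEY": ("PKCS#8 EncryptedPrivateKeyInfo", True),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def first_inner_tag(der):
    """Tag byte of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    # Short-form length is one byte; long form is 0x80 | count of length bytes.
    n_len = 1 if der[1] < 0x80 else 1 + (der[1] & 0x7F)
    if len(der) <= 1 + n_len:
        raise ValueError("truncated DER")
    return der[1 + n_len]


def classify(pem_text):
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    fmt, encrypted = LABELS.get(label, ("unknown", False))
    if "Proc-Type: 4,ENCRYPTED" in body:
        # Legacy OpenSSL encryption: the whole DER is ciphertext, nothing to parse.
        return {"format": fmt, "encrypted": True, "inner_tag": None}
    der = base64.b64decode("".join(body.split()))
    return {"format": fmt, "encrypted": encrypted, "inner_tag": first_inner_tag(der)}


def make_pem(label, der):
    """Wrap constructed DER bytes in a PEM block for the samples below."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed, truncated samples: only the first inner element matters here.
SAMPLE_PKCS1 = make_pem("RSA PRIVATE KEY", bytes.fromhex("3003020100"))
SAMPLE_PKCS8_ENC = make_pem("ENCRYPTED PRIVATE KEY", bytes.fromhex("300430000400"))

if __name__ == "__main__":
    for name, pem in (("pkcs1", SAMPLE_PKCS1), ("pkcs8-enc", SAMPLE_PKCS8_ENC)):
        print(name, classify(pem))
```

An inner tag of 0x30 under an `ENCRYPTED PRIVATE KEY` label means the file is a PKCS#8 container, so a loader that only tries the PKCS#1 layout rejects it regardless of the passphrase.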