[strongSwan] policy missing in issuing certificate/no trusted RSA public key found/deleting IKE_SA

Martin Willi martin at strongswan.org
Fri Jun 21 16:40:50 CEST 2013

Hi Damien,

> 02[CFG] policy missing in issuing certificate '...'
> 02[IKE] no trusted RSA public key found for '...'

Your issuing CA certificate does not have the certificate policy [1]
(nor an anyPolicy) that is included in your issued certificate.
Therefore your certificate is considered invalid, and the tunnel can't
get established.

You may disable advanced X.509 constraints checking, if you don't
need/want it, using the --disable-constraints ./configure option.



More information about the Users mailing list