[strongSwan] policy missing in issuing certificate/no trusted RSA public key found/deleting IKE_SA
Martin Willi
martin at strongswan.org
Fri Jun 21 16:40:50 CEST 2013
Hi Damien,
> 02[CFG] policy 1.2.250.1.141.1.1.1 missing in issuing certificate '...'
> 02[IKE] no trusted RSA public key found for '...'
Your issuing CA certificate does not have the certificate policy [1]
(nor an anyPolicy) that is included in your issued certificate.
Therefore your certificate is considered invalid, and the tunnel can't
get established.
You may disable advanced X.509 constraints checking, if you don't
need/want it, using the --disable-constraints ./configure option.
Regards
Martin
[1]http://tools.ietf.org/html/rfc5280#section-4.2.1.4
More information about the Users
mailing list