[strongSwan] policy missing in issuing certificate/no trusted RSA public key found/deleting IKE_SA
dams.benoist at gmail.com
Fri Jun 21 17:22:32 CEST 2013
Now I'm getting the following log messages:
charon: 13[ENC] parsed INFORMATIONAL_V1 request 3643419866 [ HASH N(INVAL_ID) ]
charon: 13[IKE] received INVALID_ID_INFORMATION error notify
charon: 14[NET] received packet: from <remoteIP> to <localIP> (84 bytes)
charon: 14[ENC] parsed INFORMATIONAL_V1 request 2844175511 [ HASH D ]
charon: 14[IKE] received DELETE for IKE_SA cnx
charon: 14[IKE] deleting IKE_SA cnx between <localIP>[...]...<remoteIP>[...]
# ipsec up cnx
received INVALID_ID_INFORMATION error notify
establishing connection 'cnt' failed
2013/6/21 Martin Willi <martin at strongswan.org>:
> Hi Damien,
>> 02[CFG] policy 22.214.171.124.126.96.36.199 missing in issuing certificate '...'
>> 02[IKE] no trusted RSA public key found for '...'
> Your issuing CA certificate does not have the certificate policy 
> (nor an anyPolicy) that is included in your issued certificate.
> Therefore your certificate is considered invalid, and the tunnel can't
> get established.
> You may disable advanced X.509 constraints checking, if you don't
> need/want it, using the --disable-constraints ./configure option.