[strongSwan] Unable to parse certs on smart card

Stephen Wilcox stephen at tyfone.com
Thu Mar 6 01:32:42 CET 2014


Greetings strongSwan team,

I have generated keys and certs using the ipsec pki, per the simple CA
instructions then loaded them onto a smart card.

strongSwan  reads the certs from the card, but fails to parse them:
...
00[ASN] L2 - subjectPublicKeyInfo:
00[ASN] -- > --
00[ASN] -- < --
00[LIB] *building CRED_CERTIFICATE - X509 failed, tried 2 builders*
00[CFG]     *loading cert 'Certificate' failed*
...

>From ipsec statusall:
Status of IKE charon daemon (strongSwan *5.1.1*, Linux 3.5.0-46-generic,
x86_64):
...
  loaded plugins: charon *pkcs11* aes des rc2 sha1 sha2 md5 random nonce
*x509* revocation constraints pubkey *pkcs1* pkcs7 pkcs8 pkcs12 pgp dnskey
sshkey *pem* fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
socket-default stroke updown xauth-generic


Here are the commands I used to create and store the keys and certs:
# Generate CA and Peer keys and certs
ipsec pki --gen > localCaKey.der
ipsec pki --self --in localCaKey.der --dn "C=US, O=Example, CN=Example CA
Root" --ca --san vpn.example.com> localCaCert.der
ipsec pki --gen > localPeerKey.der
ipsec pki --pub --in localPeerKey.der | ipsec pki --issue --cacert
localCaCert.der --cakey localCaKey.der --dn "C=US, O=Example, CN=
client.example.com" --san client.example.com > localPeerCert.der
# Convert private key format from DER to PEM
openssl rsa -inform der -in localPeerKey.der -out localPeerKey.pem

#Store certificates on card
pkcs15-init  --erase-card --pin 00000000 --puk 00000000 --no-so-pin
pkcs15-init --create-pkcs15 --pin 00000000 --no-so-pin
pkcs15-init --store-pin --auth-id 1 --pin "00000000" --puk "00000000"
--label "strongSwan"
pkcs15-init --auth-id 1 --store-private-key localPeerKey.pem --id 45
pkcs15-init --store-certificate localPeerCert.der --format DER --id 45
pkcs15-init --store-certificate localCaCert.der --format DER --authority
--pin 00000000
pkcs15-tool --list-pins --list-keys --list-certificates

Here is what is stored on my smart card after these operations:
$ pkcs15-tool --list-pins --list-keys --list-certificates
Using reader with a card: Tyfone Connected Smart Card 00 00
X.509 Certificate [Certificate]
Object Flags   : [0x2], modifiable
 Authority      : no
Path           : 3f0050153100
 ID             : 45
Encoded serial : 02 08 4E59529DE3846259
X.509 Certificate [Certificate]
Object Flags   : [0x2], modifiable
 Authority      : yes
Path           : 3f0050153102
 ID             : e8024c43ae1cfceb70621af23c39bfd091b4c4e0

Private RSA Key [Certificate]
Object Flags   : [0x3], private, modifiable
 Usage          : [0x4], sign
Access Flags   : [0xD], sensitive, alwaysSensitive, neverExtract
 ModLength      : 2048
Key ref        : 0 (0x0)
 Native         : yes
Path           : 3f005015
 Auth ID        : 01
ID             : 45

PIN [strongSwan]
Object Flags   : [0x3], private, modifiable
 ID             : 01
Flags          : [0x10], initialized
 Length         : min_len:4, max_len:16, stored_len:16
Pad char       : 0x00
 Reference      : 1 (0x01)
Type           : ascii-numeric
 Path           : 3f005015

And here is my log when I start ipsec.  The only change I have made to the
source is increasing the timeout for Charon to allow it to read everything
from the smart card.

00[DMN] Starting IKE charon daemon (strongSwan 5.1.1, Linux
3.5.0-46-generic, x86_64)
00[CFG] loaded PKCS#11 v2.20 library 'opensc-module'
(/usr/lib/pkcs11-spy.so)
00[CFG]   OpenSC (www.opensc-project.org): Smart card PKCS#11 API v0.0
00[CFG]   found token in slot 'opensc-module':1 (Tyfone Connected Smart
Card 00 00)
00[CFG]     TY001PKCS15 (strongSwan) (Tyfone Inc: PKCS#15)
00[CFG]       SHA_1 0-0 [ DGST ]
00[CFG]       SHA256 0-0 [ DGST ]
00[CFG]       SHA384 0-0 [ DGST ]
00[CFG]       SHA512 0-0 [ DGST ]
00[CFG]       MD5 0-0 [ DGST ]
00[CFG]       RIPEMD160 0-0 [ DGST ]
00[CFG]       (4624) 0-0 [ DGST ]
00[CFG]       RSA_X_509 1024-2048 [ HW DECR SIGN VRFY ]
00[CFG]       RSA_PKCS 1024-2048 [ HW DECR SIGN VRFY ]
00[CFG]       SHA1_RSA_PKCS 1024-2048 [ SIGN VRFY ]
00[CFG]       SHA256_RSA_PKCS 1024-2048 [ SIGN VRFY ]
00[CFG]       MD5_RSA_PKCS 1024-2048 [ SIGN VRFY ]
00[CFG]       RIPEMD160_RSA_PKCS 1024-2048 [ SIGN VRFY ]
00[CFG]       RSA_PKCS_KEY_PAIR_GEN 1024-2048 [ GEN_KEY_PAIR ]
00[LIB] plugin 'pkcs11': loaded successfully
00[LIB] plugin 'aes': loaded successfully
00[LIB] plugin 'des': loaded successfully
00[LIB] plugin 'rc2': loaded successfully
00[LIB] plugin 'sha1': loaded successfully
00[LIB] plugin 'sha2': loaded successfully
00[LIB] plugin 'md5': loaded successfully
00[LIB] plugin 'random': loaded successfully
00[LIB] plugin 'nonce': loaded successfully
00[LIB] plugin 'x509': loaded successfully
00[LIB] plugin 'revocation': loaded successfully
00[LIB] plugin 'constraints': loaded successfully
00[LIB] plugin 'pubkey': loaded successfully
00[LIB] plugin 'pkcs1': loaded successfully
00[LIB] plugin 'pkcs7': loaded successfully
00[LIB] plugin 'pkcs8': loaded successfully
00[LIB] plugin 'pkcs12': loaded successfully
00[LIB] plugin 'pgp': loaded successfully
00[LIB] plugin 'dnskey': loaded successfully
00[LIB] plugin 'sshkey': loaded successfully
00[LIB] plugin 'pem': loaded successfully
00[LIB] plugin 'fips-prf': loaded successfully
00[LIB] plugin 'gmp': loaded successfully
00[LIB] plugin 'xcbc': loaded successfully
00[LIB] plugin 'cmac': loaded successfully
00[LIB] plugin 'hmac': loaded successfully
00[LIB] plugin 'attr': loaded successfully
00[LIB] plugin 'kernel-netlink': loaded successfully
00[LIB] plugin 'resolve': loaded successfully
00[LIB] plugin 'socket-default': loaded successfully
00[LIB] plugin 'stroke': loaded successfully
00[LIB] plugin 'updown': loaded successfully
00[LIB] plugin 'xauth-generic': loaded successfully
00[LIB] loading feature CUSTOM:libcharon in plugin 'charon'
00[LIB]   loading feature NONCE_GEN in plugin 'nonce'
00[LIB]     loading feature RNG:RNG_TRUE in plugin 'random'
00[LIB]     loading feature RNG:RNG_STRONG in plugin 'random'
00[LIB]   loading feature CUSTOM:libcharon-receiver in plugin 'charon'
00[LIB]     loading feature HASHER:HASH_SHA1 in plugin 'sha1'
00[LIB]     loading feature CUSTOM:socket in plugin 'socket-default'
00[LIB]       loading feature CUSTOM:kernel-ipsec in plugin 'kernel-netlink'
00[LIB]   loading feature CUSTOM:kernel-net in plugin 'kernel-netlink'
00[LIB] loading feature CUSTOM:pkcs11-certs in plugin 'pkcs11'
00[LIB]   loading feature CERT_DECODE:X509 in plugin 'x509'
00[LIB]     loading feature PUBKEY:RSA in plugin 'pkcs1'
00[LIB]     loading feature PUBKEY:RSA in plugin 'pgp'
00[LIB]     loading feature PUBKEY:RSA in plugin 'dnskey'
00[LIB]     loading feature PUBKEY:RSA in plugin 'pem'
00[LIB]       loop detected while loading PUBKEY:RSA in plugin 'pem'
00[LIB]       loading feature PUBKEY:RSA in plugin 'gmp'
00[LIB]     loading feature PUBKEY:ECDSA in plugin 'pem'
00[LIB] feature PUBKEY:ECDSA in plugin 'pem' has unmet dependency:
PUBKEY:ECDSA
00[LIB]     feature CERT_DECODE:X509 in plugin 'x509' has unmet soft
dependency: PUBKEY:ECDSA
00[LIB]     loading feature PUBKEY:DSA in plugin 'pem'
00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
00[LIB]     feature CERT_DECODE:X509 in plugin 'x509' has unmet soft
dependency: PUBKEY:DSA
00[LIB]   loading feature CERT_DECODE:X509 in plugin 'pem'
00[ASN] L0 - x509:
00[ASN] => 829 bytes @ 0x1f17bb0
00[ASN]    0: 30 82 03 39 30 82 02 21 A0 03 02 01 02 02 08 4E
 0..90..!.......N
00[ASN]   16: 59 52 9D E3 84 62 59 30 0D 06 09 2A 86 48 86 F7
 YR...bY0...*.H..
00[ASN]   32: 0D 01 01 05 05 00 30 39 31 0B 30 09 06 03 55 04
 ......091.0...U.
00[ASN]   48: 06 13 02 55 53 31 10 30 0E 06 03 55 04 0A 13 07
 ...US1.0...U....
00[ASN]   64: 45 78 61 6D 70 6C 65 31 18 30 16 06 03 55 04 03
 Example1.0...U..
00[ASN]   80: 13 0F 45 78 61 6D 70 6C 65 20 43 41 20 52 6F 6F  ..Example CA
Roo
00[ASN]   96: 74 30 1E 17 0D 31 34 30 33 30 36 30 30 30 30 32
 t0...14030600002
00[ASN]  112: 30 5A 17 0D 31 37 30 33 30 35 30 30 30 30 32 30
 0Z..170305000020
00[ASN]  128: 5A 30 3C 31 0B 30 09 06 03 55 04 06 13 02 55 53
 Z0<1.0...U....US
00[ASN]  144: 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70
 1.0...U....Examp
00[ASN]  160: 6C 65 31 1B 30 19 06 03 55 04 03 13 12 63 6C 69
 le1.0...U....cli
00[ASN]  176: 65 6E 74 2E 65 78 61 6D 70 6C 65 2E 63 6F 6D 30
 ent.example.com0
00[ASN]  192: 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01
 .."0...*.H......
00[ASN]  208: 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00
 .......0........
00[ASN]  224: BC FB F6 87 4F 4F EF 8D 3A 32 F5 50 B0 D0 2D 58
 ....OO..:2.P..-X
00[ASN]  240: 82 6D 1E E7 3E F2 F3 C4 3C 35 3C 9C CF 7D 3A 49
 .m..>...<5<..}:I
00[ASN]  256: 92 81 21 60 48 BC F0 6F 3F 2C 6F E7 AC 75 7B B9
 ..!`H..o?,o..u{.
00[ASN]  272: 55 28 C9 1B 82 C9 6F A4 DF B9 3C 5D 85 18 9D 22
 U(....o...<]..."
00[ASN]  288: FE 3B 91 32 68 54 EF C8 D9 28 63 0D F2 66 A2 E3
 .;.2hT...(c..f..
00[ASN]  304: 5B F2 41 DB 4F 11 B5 CD 06 6A 50 87 11 2D A5 68
 [.A.O....jP..-.h
00[ASN]  320: EA 59 4A 56 73 17 18 65 F0 63 CF 37 0F F2 9E 8F
 .YJVs..e.c.7....
00[ASN]  336: 64 CF 0D E0 37 DB B6 BB C2 EE F9 F8 D9 61 C5 4E
 d...7........a.N
00[ASN]  352: 14 48 B0 81 FB 15 10 CB B1 8E AA F2 26 8A EC E1
 .H..........&...
00[ASN]  368: 32 58 C0 50 6B 7F 1B C0 FF 53 7E 2F E1 9D FC B1
 2X.Pk....S~/....
00[ASN]  384: C6 D3 34 AC 46 BA DE 49 E8 A5 D8 F0 E2 59 29 E9
 ..4.F..I.....Y).
00[ASN]  400: B7 C6 85 68 D6 FE FF 17 87 E4 AE C4 C6 DA 8E 41
 ...h...........A
00[ASN]  416: 65 C8 B8 93 B1 74 DC 0F 5B 23 C5 39 AE 4A 4A 21
 e....t..[#.9.JJ!
00[ASN]  432: 81 D2 23 EB EE AE DA E8 EE 26 C2 55 1A 91 F4 C9
 ..#......&.U....
00[ASN]  448: 32 88 EB 61 E0 C9 C5 DB 5E DA E8 A4 51 30 D1 0C
 2..a....^...Q0..
00[ASN]  464: 55 F5 62 76 85 08 30 FC 0E AD E2 3D E6 EF 80 65
 U.bv..0....=...e
00[ASN]  480: 02 03 01 00 01 A3 42 30 40 30 1F 06 03 55 1D 23  ......B0 at 0.
..U.#
00[ASN]  496: 04 18 30 16 80 14 A7 1B B6 64 0C A8 14 7E 7D FC
 ..0......d...~}.
00[ASN]  512: 11 0B FB 59 E6 FA 5E 0E C3 33 30 1D 06 03 55 1D
 ...Y..^..30...U.
00[ASN]  528: 11 04 16 30 14 82 12 63 6C 69 65 6E 74 2E 65 78
 ...0...client.ex
00[ASN]  544: 61 6D 70 6C 65 2E 63 6F 6D 30 0D 06 09 2A 86 48
 ample.com0...*.H
00[ASN]  560: 86 F7 0D 01 01 05 05 00 03 82 01 01 00 B1 CC 90
 ................
00[ASN]  576: 4B 4F 84 CE C6 55 81 FB 9D 21 74 6C D0 26 D0 3E
 KO...U...!tl.&.>
00[ASN]  592: DF 3B 98 C0 6B 72 88 A7 DD 0D D1 A6 26 8C 71 08
 .;..kr......&.q.
00[ASN]  608: 6A 79 34 D1 71 15 7F 8E CF 48 A7 21 45 6A 9A BA
 jy4.q....H.!Ej..
00[ASN]  624: F1 9A 03 6D BB A1 8C BC 40 1F DD 9E 38 2D 0D FE  ...m....@
...8-..
00[ASN]  640: 08 9F 9D 44 9A 2A C7 44 1C 1D B1 63 86 10 3F 50
 ...D.*.D...c..?P
00[ASN]  656: 0F FE FD FD A7 B5 5A 18 DA 66 6B A0 4F 79 0F 32
 ......Z..fk.Oy.2
00[ASN]  672: 1E 52 93 81 ED 48 8D D9 9D 7D EF 78 49 52 DD 45
 .R...H...}.xIR.E
00[ASN]  688: 7E B9 21 2D CD 1F 99 27 48 89 D8 F4 5A A0 E2 20
 ~.!-...'H...Z..
00[ASN]  704: CF BB E5 F8 97 0D 4C F1 46 C5 69 EB 30 DB AC 4B
 ......L.F.i.0..K
00[ASN]  720: 2A D9 6B 59 4B 90 9C C7 8F F7 28 7F 61 62 4E BF
 *.kYK.....(.abN.
00[ASN]  736: E0 AF 05 56 74 17 33 17 0D 21 46 D2 2E 49 5B C0
 ...Vt.3..!F..I[.
00[ASN]  752: EF 2E 26 C3 ED BF E9 1D 67 AC 90 A6 AA D1 2F 3E
 ..&.....g...../>
00[ASN]  768: E7 58 B7 46 8D 6D 6E 07 EB C0 50 8C 44 51 A0 09
 .X.F.mn...P.DQ..
00[ASN]  784: B9 39 A2 CC C0 05 E3 34 FF 0F 3B 08 E4 F2 C3 89
 .9.....4..;.....
00[ASN]  800: FA 8D D0 47 B9 33 8E B6 37 A0 C4 42 C9 B1 4F FD
 ...G.3..7..B..O.
00[ASN]  816: 0C 18 EE 11 07 E5 03 20 99 B8 CC 69 1B           ....... ...i.
00[ASN] L1 - tbsCertificate:
00[ASN] => 549 bytes @ 0x1f17bb4
00[ASN]    0: 30 82 02 21 A0 03 02 01 02 02 08 4E 59 52 9D E3
 0..!.......NYR..
00[ASN]   16: 84 62 59 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
 .bY0...*.H......
00[ASN]   32: 05 00 30 39 31 0B 30 09 06 03 55 04 06 13 02 55
 ..091.0...U....U
00[ASN]   48: 53 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D
 S1.0...U....Exam
00[ASN]   64: 70 6C 65 31 18 30 16 06 03 55 04 03 13 0F 45 78
 ple1.0...U....Ex
00[ASN]   80: 61 6D 70 6C 65 20 43 41 20 52 6F 6F 74 30 1E 17  ample CA
Root0..
00[ASN]   96: 0D 31 34 30 33 30 36 30 30 30 30 32 30 5A 17 0D
 .140306000020Z..
00[ASN]  112: 31 37 30 33 30 35 30 30 30 30 32 30 5A 30 3C 31
 170305000020Z0<1
00[ASN]  128: 0B 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E
 .0...U....US1.0.
00[ASN]  144: 06 03 55 04 0A 13 07 45 78 61 6D 70 6C 65 31 1B
 ..U....Example1.
00[ASN]  160: 30 19 06 03 55 04 03 13 12 63 6C 69 65 6E 74 2E
 0...U....client.
00[ASN]  176: 65 78 61 6D 70 6C 65 2E 63 6F 6D 30 82 01 22 30
 example.com0.."0
00[ASN]  192: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82
 ...*.H..........
00[ASN]  208: 01 0F 00 30 82 01 0A 02 82 01 01 00 BC FB F6 87
 ...0............
00[ASN]  224: 4F 4F EF 8D 3A 32 F5 50 B0 D0 2D 58 82 6D 1E E7
 OO..:2.P..-X.m..
00[ASN]  240: 3E F2 F3 C4 3C 35 3C 9C CF 7D 3A 49 92 81 21 60
 >...<5<..}:I..!`
00[ASN]  256: 48 BC F0 6F 3F 2C 6F E7 AC 75 7B B9 55 28 C9 1B
 H..o?,o..u{.U(..
00[ASN]  272: 82 C9 6F A4 DF B9 3C 5D 85 18 9D 22 FE 3B 91 32
 ..o...<]...".;.2
00[ASN]  288: 68 54 EF C8 D9 28 63 0D F2 66 A2 E3 5B F2 41 DB
 hT...(c..f..[.A.
00[ASN]  304: 4F 11 B5 CD 06 6A 50 87 11 2D A5 68 EA 59 4A 56
 O....jP..-.h.YJV
00[ASN]  320: 73 17 18 65 F0 63 CF 37 0F F2 9E 8F 64 CF 0D E0
 s..e.c.7....d...
00[ASN]  336: 37 DB B6 BB C2 EE F9 F8 D9 61 C5 4E 14 48 B0 81
 7........a.N.H..
00[ASN]  352: FB 15 10 CB B1 8E AA F2 26 8A EC E1 32 58 C0 50
 ........&...2X.P
00[ASN]  368: 6B 7F 1B C0 FF 53 7E 2F E1 9D FC B1 C6 D3 34 AC
 k....S~/......4.
00[ASN]  384: 46 BA DE 49 E8 A5 D8 F0 E2 59 29 E9 B7 C6 85 68
 F..I.....Y)....h
00[ASN]  400: D6 FE FF 17 87 E4 AE C4 C6 DA 8E 41 65 C8 B8 93
 ...........Ae...
00[ASN]  416: B1 74 DC 0F 5B 23 C5 39 AE 4A 4A 21 81 D2 23 EB
 .t..[#.9.JJ!..#.
00[ASN]  432: EE AE DA E8 EE 26 C2 55 1A 91 F4 C9 32 88 EB 61
 .....&.U....2..a
00[ASN]  448: E0 C9 C5 DB 5E DA E8 A4 51 30 D1 0C 55 F5 62 76
 ....^...Q0..U.bv
00[ASN]  464: 85 08 30 FC 0E AD E2 3D E6 EF 80 65 02 03 01 00
 ..0....=...e....
00[ASN]  480: 01 A3 42 30 40 30 1F 06 03 55 1D 23 04 18 30 16  ..B0 at 0.
..U.#..0.
00[ASN]  496: 80 14 A7 1B B6 64 0C A8 14 7E 7D FC 11 0B FB 59
 .....d...~}....Y
00[ASN]  512: E6 FA 5E 0E C3 33 30 1D 06 03 55 1D 11 04 16 30
 ..^..30...U....0
00[ASN]  528: 14 82 12 63 6C 69 65 6E 74 2E 65 78 61 6D 70 6C
 ...client.exampl
00[ASN]  544: 65 2E 63 6F 6D                                   e.com
00[ASN] L2 - DEFAULT v1:
00[ASN] L3 - version:
00[ASN] => 1 bytes @ 0x1f17bbc
00[ASN]    0: 02                                               .
00[ASN]   X.509v3
00[ASN] L2 - serialNumber:
00[ASN] => 8 bytes @ 0x1f17bbf
00[ASN]    0: 4E 59 52 9D E3 84 62 59                          NYR...bY
00[ASN] L2 - signature:
00[ASN] L3 - algorithmIdentifier:
00[ASN] L4 - algorithm:
00[ASN]   'sha-1WithRSAEncryption'
00[ASN] L2 - issuer:
00[ASN] => 59 bytes @ 0x1f17bd6
00[ASN]    0: 30 39 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 091.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 18 30 16 06 03 55 04 03 13 0F 45 78 61 6D
 e1.0...U....Exam
00[ASN]   48: 70 6C 65 20 43 41 20 52 6F 6F 74                 ple CA Root
00[ASN]   'C=US, O=Example, CN=Example CA Root'
00[ASN] L2 - validity:
00[ASN] L3 - notBefore:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 06 00:00:20 UTC 2014'
00[ASN] L3 - notAfter:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 05 00:00:20 UTC 2017'
00[ASN] L2 - subject:
00[ASN] => 62 bytes @ 0x1f17c31
00[ASN]    0: 30 3C 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 0<1.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 1B 30 19 06 03 55 04 03 13 12 63 6C 69 65
 e1.0...U....clie
00[ASN]   48: 6E 74 2E 65 78 61 6D 70 6C 65 2E 63 6F 6D
nt.example.com
00[ASN]   'C=US, O=Example, CN=client.example.com'
00[ASN] L2 - subjectPublicKeyInfo:
00[ASN] -- > --
00[ASN] -- < --
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 2 builders
00[CFG]     loading cert 'Certificate' failed
00[ASN] L0 - x509:
00[ASN] => 888 bytes @ 0x1f16b90
00[ASN]    0: 30 82 03 74 30 82 02 5C A0 03 02 01 02 02 09 00
 0..t0..\........
00[ASN]   16: B1 83 EA AD C8 ED 86 D7 30 0D 06 09 2A 86 48 86
 ........0...*.H.
00[ASN]   32: F7 0D 01 01 05 05 00 30 39 31 0B 30 09 06 03 55
 .......091.0...U
00[ASN]   48: 04 06 13 02 55 53 31 10 30 0E 06 03 55 04 0A 13
 ....US1.0...U...
00[ASN]   64: 07 45 78 61 6D 70 6C 65 31 18 30 16 06 03 55 04
 .Example1.0...U.
00[ASN]   80: 03 13 0F 45 78 61 6D 70 6C 65 20 43 41 20 52 6F  ...Example
CA Ro
00[ASN]   96: 6F 74 30 1E 17 0D 31 34 30 33 30 35 32 33 35 35
 ot0...1403052355
00[ASN]  112: 35 36 5A 17 0D 31 37 30 33 30 34 32 33 35 35 35
 56Z..17030423555
00[ASN]  128: 36 5A 30 39 31 0B 30 09 06 03 55 04 06 13 02 55
 6Z091.0...U....U
00[ASN]  144: 53 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D
 S1.0...U....Exam
00[ASN]  160: 70 6C 65 31 18 30 16 06 03 55 04 03 13 0F 45 78
 ple1.0...U....Ex
00[ASN]  176: 61 6D 70 6C 65 20 43 41 20 52 6F 6F 74 30 82 01  ample CA
Root0..
00[ASN]  192: 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00
 "0...*.H........
00[ASN]  208: 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 D1 58
 .....0.........X
00[ASN]  224: 16 08 57 FE F5 3B 19 61 71 A2 B8 D0 B4 33 DF 54
 ..W..;.aq....3.T
00[ASN]  240: 33 94 BB C0 88 A8 13 BB BE D4 B8 C4 A0 2C 54 5C
 3............,T\
00[ASN]  256: 60 A2 10 8D 76 33 97 7F EC BD AF 06 B2 44 45 4B
 `...v3.......DEK
00[ASN]  272: 09 C3 6B 1D E7 CA F7 2A 94 DC 15 8A 1B 7F 1A B2
 ..k....*........
00[ASN]  288: BF D0 64 DC B1 45 84 9C 79 D8 D1 C7 DB BC 2A 55
 ..d..E..y.....*U
00[ASN]  304: A7 5D 58 1E 75 6B 40 BD 6B 7A FB 45 11 21 92 7B  .]X.uk@
.kz.E.!.{
00[ASN]  320: 84 D8 C2 EC 83 6E C6 FD 4D 5D FA 39 32 5D E7 83
 .....n..M].92]..
00[ASN]  336: A8 3D BE CC 6D D4 E5 55 EB 47 FB 0A 5C 31 95 43
 .=..m..U.G..\1.C
00[ASN]  352: DF 08 20 0A 3D DE 0D F7 D3 68 DA 46 C4 84 14 72  ..
.=....h.F...r
00[ASN]  368: D1 68 A6 C5 17 4E 14 D4 35 99 23 A5 8B E9 38 10
 .h...N..5.#...8.
00[ASN]  384: 9B 16 10 1A 93 27 51 F7 87 A0 09 E2 4E A4 76 5B
 .....'Q.....N.v[
00[ASN]  400: 12 37 19 BD CD F2 0B 34 12 E3 B1 7E E5 F0 1C 43
 .7.....4...~...C
00[ASN]  416: E2 92 55 C6 96 41 B7 44 1E 3E 04 77 52 8E 59 42
 ..U..A.D.>.wR.YB
00[ASN]  432: 7C 2C D5 80 AE 6D B0 48 69 86 ED ED 12 1F CF 02
 |,...m.Hi.......
00[ASN]  448: E7 1C 43 D1 53 B1 29 47 03 A5 39 A6 6B 75 AA CF
 ..C.S.)G..9.ku..
00[ASN]  464: 6F 11 08 B7 E5 BA 64 1D 0F 43 67 DE E8 53 02 03
 o.....d..Cg..S..
00[ASN]  480: 01 00 01 A3 7F 30 7D 30 0F 06 03 55 1D 13 01 01
 .....0}0...U....
00[ASN]  496: FF 04 05 30 03 01 01 FF 30 0E 06 03 55 1D 0F 01
 ...0....0...U...
00[ASN]  512: 01 FF 04 04 03 02 01 06 30 1D 06 03 55 1D 0E 04
 ........0...U...
00[ASN]  528: 16 04 14 A7 1B B6 64 0C A8 14 7E 7D FC 11 0B FB
 ......d...~}....
00[ASN]  544: 59 E6 FA 5E 0E C3 33 30 1F 06 03 55 1D 23 04 18
 Y..^..30...U.#..
00[ASN]  560: 30 16 80 14 A7 1B B6 64 0C A8 14 7E 7D FC 11 0B
 0......d...~}...
00[ASN]  576: FB 59 E6 FA 5E 0E C3 33 30 1A 06 03 55 1D 11 04
 .Y..^..30...U...
00[ASN]  592: 13 30 11 82 0F 76 70 6E 2E 65 78 61 6D 70 6C 65
 .0...vpn.example
00[ASN]  608: 2E 63 6F 6D 30 0D 06 09 2A 86 48 86 F7 0D 01 01
 .com0...*.H.....
00[ASN]  624: 05 05 00 03 82 01 01 00 0D B9 66 7D FF F9 E2 7D
 ..........f}...}
00[ASN]  640: AC B2 A7 FD B0 34 3F B8 7F E5 E5 9A C8 A6 79 00
 .....4?.......y.
00[ASN]  656: E4 87 BD 38 F5 FB 49 B7 DE 48 DE 7A DC 9A 38 14
 ...8..I..H.z..8.
00[ASN]  672: AF EB 56 93 C2 50 5E 60 0F BB 7A 36 4D 87 62 5B
 ..V..P^`..z6M.b[
00[ASN]  688: F0 A4 E9 40 9B 58 B5 D8 27 FA B7 E5 FB 9B 24 CE
 ... at .X..'.....$.
00[ASN]  704: F5 A5 D0 B0 D2 36 8E FE 77 31 8E 15 44 E2 42 B0
 .....6..w1..D.B.
00[ASN]  720: 96 C1 75 4C 0B B0 7E AA 3B 50 CF 92 90 A0 E2 44
 ..uL..~.;P.....D
00[ASN]  736: 4C A9 30 14 F4 F8 FE 0F 37 29 04 DC E1 9A E2 7A
 L.0.....7).....z
00[ASN]  752: 34 1B 4B 73 F0 01 71 CB DA 0F 09 2D F5 4B 1B C5
 4.Ks..q....-.K..
00[ASN]  768: 8A 19 B2 8B DE A4 92 BB 0B 0F 7F E0 D9 09 09 AF
 ................
00[ASN]  784: 4E 92 F2 F3 33 5F E1 3D FC C7 E5 36 D6 F0 E0 70
 N...3_.=...6...p
00[ASN]  800: 4B AE AC 94 6E BA 6A 67 56 6C 0C 5A 0D 98 13 58
 K...n.jgVl.Z...X
00[ASN]  816: 97 FD 84 A4 18 AA 5A A3 72 B8 05 4E 7F 33 2E 3B
 ......Z.r..N.3.;
00[ASN]  832: 00 8D 52 2A C9 3E 1A 6A 1A 30 69 DB 36 F0 72 11
 ..R*.>.j.0i.6.r.
00[ASN]  848: 4B 8C C9 58 C3 FB 78 9B 8F E9 04 F0 D7 7A 7F 3A
 K..X..x......z.:
00[ASN]  864: 49 A8 C6 E3 E8 24 83 49 CB 88 D7 4F 08 B4 85 5F
 I....$.I...O..._
00[ASN]  880: 1D 4D BE C0 6D 06 6D 35                          .M..m.m5
00[ASN] L1 - tbsCertificate:
00[ASN] => 608 bytes @ 0x1f16b94
00[ASN]    0: 30 82 02 5C A0 03 02 01 02 02 09 00 B1 83 EA AD
 0..\............
00[ASN]   16: C8 ED 86 D7 30 0D 06 09 2A 86 48 86 F7 0D 01 01
 ....0...*.H.....
00[ASN]   32: 05 05 00 30 39 31 0B 30 09 06 03 55 04 06 13 02
 ...091.0...U....
00[ASN]   48: 55 53 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61
 US1.0...U....Exa
00[ASN]   64: 6D 70 6C 65 31 18 30 16 06 03 55 04 03 13 0F 45
 mple1.0...U....E
00[ASN]   80: 78 61 6D 70 6C 65 20 43 41 20 52 6F 6F 74 30 1E  xample CA
Root0.
00[ASN]   96: 17 0D 31 34 30 33 30 35 32 33 35 35 35 36 5A 17
 ..140305235556Z.
00[ASN]  112: 0D 31 37 30 33 30 34 32 33 35 35 35 36 5A 30 39
 .170304235556Z09
00[ASN]  128: 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 10 30
 1.0...U....US1.0
00[ASN]  144: 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C 65 31
 ...U....Example1
00[ASN]  160: 18 30 16 06 03 55 04 03 13 0F 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]  176: 65 20 43 41 20 52 6F 6F 74 30 82 01 22 30 0D 06  e CA
Root0.."0..
00[ASN]  192: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F
 .*.H............
00[ASN]  208: 00 30 82 01 0A 02 82 01 01 00 D1 58 16 08 57 FE
 .0.........X..W.
00[ASN]  224: F5 3B 19 61 71 A2 B8 D0 B4 33 DF 54 33 94 BB C0
 .;.aq....3.T3...
00[ASN]  240: 88 A8 13 BB BE D4 B8 C4 A0 2C 54 5C 60 A2 10 8D
 .........,T\`...
00[ASN]  256: 76 33 97 7F EC BD AF 06 B2 44 45 4B 09 C3 6B 1D
 v3.......DEK..k.
00[ASN]  272: E7 CA F7 2A 94 DC 15 8A 1B 7F 1A B2 BF D0 64 DC
 ...*..........d.
00[ASN]  288: B1 45 84 9C 79 D8 D1 C7 DB BC 2A 55 A7 5D 58 1E
 .E..y.....*U.]X.
00[ASN]  304: 75 6B 40 BD 6B 7A FB 45 11 21 92 7B 84 D8 C2 EC  uk@
.kz.E.!.{....
00[ASN]  320: 83 6E C6 FD 4D 5D FA 39 32 5D E7 83 A8 3D BE CC
 .n..M].92]...=..
00[ASN]  336: 6D D4 E5 55 EB 47 FB 0A 5C 31 95 43 DF 08 20 0A
 m..U.G..\1.C.. .
00[ASN]  352: 3D DE 0D F7 D3 68 DA 46 C4 84 14 72 D1 68 A6 C5
 =....h.F...r.h..
00[ASN]  368: 17 4E 14 D4 35 99 23 A5 8B E9 38 10 9B 16 10 1A
 .N..5.#...8.....
00[ASN]  384: 93 27 51 F7 87 A0 09 E2 4E A4 76 5B 12 37 19 BD
 .'Q.....N.v[.7..
00[ASN]  400: CD F2 0B 34 12 E3 B1 7E E5 F0 1C 43 E2 92 55 C6
 ...4...~...C..U.
00[ASN]  416: 96 41 B7 44 1E 3E 04 77 52 8E 59 42 7C 2C D5 80
 .A.D.>.wR.YB|,..
00[ASN]  432: AE 6D B0 48 69 86 ED ED 12 1F CF 02 E7 1C 43 D1
 .m.Hi.........C.
00[ASN]  448: 53 B1 29 47 03 A5 39 A6 6B 75 AA CF 6F 11 08 B7
 S.)G..9.ku..o...
00[ASN]  464: E5 BA 64 1D 0F 43 67 DE E8 53 02 03 01 00 01 A3
 ..d..Cg..S......
00[ASN]  480: 7F 30 7D 30 0F 06 03 55 1D 13 01 01 FF 04 05 30
 .0}0...U.......0
00[ASN]  496: 03 01 01 FF 30 0E 06 03 55 1D 0F 01 01 FF 04 04
 ....0...U.......
00[ASN]  512: 03 02 01 06 30 1D 06 03 55 1D 0E 04 16 04 14 A7
 ....0...U.......
00[ASN]  528: 1B B6 64 0C A8 14 7E 7D FC 11 0B FB 59 E6 FA 5E
 ..d...~}....Y..^
00[ASN]  544: 0E C3 33 30 1F 06 03 55 1D 23 04 18 30 16 80 14
 ..30...U.#..0...
00[ASN]  560: A7 1B B6 64 0C A8 14 7E 7D FC 11 0B FB 59 E6 FA
 ...d...~}....Y..
00[ASN]  576: 5E 0E C3 33 30 1A 06 03 55 1D 11 04 13 30 11 82
 ^..30...U....0..
00[ASN]  592: 0F 76 70 6E 2E 65 78 61 6D 70 6C 65 2E 63 6F 6D  .
vpn.example.com
00[ASN] L2 - DEFAULT v1:
00[ASN] L3 - version:
00[ASN] => 1 bytes @ 0x1f16b9c
00[ASN]    0: 02                                               .
00[ASN]   X.509v3
00[ASN] L2 - serialNumber:
00[ASN] => 9 bytes @ 0x1f16b9f
00[ASN]    0: 00 B1 83 EA AD C8 ED 86 D7                       .........
00[ASN] L2 - signature:
00[ASN] L3 - algorithmIdentifier:
00[ASN] L4 - algorithm:
00[ASN]   'sha-1WithRSAEncryption'
00[ASN] L2 - issuer:
00[ASN] => 59 bytes @ 0x1f16bb7
00[ASN]    0: 30 39 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 091.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 18 30 16 06 03 55 04 03 13 0F 45 78 61 6D
 e1.0...U....Exam
00[ASN]   48: 70 6C 65 20 43 41 20 52 6F 6F 74                 ple CA Root
00[ASN]   'C=US, O=Example, CN=Example CA Root'
00[ASN] L2 - validity:
00[ASN] L3 - notBefore:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 05 23:55:56 UTC 2014'
00[ASN] L3 - notAfter:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 04 23:55:56 UTC 2017'
00[ASN] L2 - subject:
00[ASN] => 59 bytes @ 0x1f16c12
00[ASN]    0: 30 39 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 091.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 18 30 16 06 03 55 04 03 13 0F 45 78 61 6D
 e1.0...U....Exam
00[ASN]   48: 70 6C 65 20 43 41 20 52 6F 6F 74                 ple CA Root
00[ASN]   'C=US, O=Example, CN=Example CA Root'
00[ASN] L2 - subjectPublicKeyInfo:
00[ASN] -- > --
00[ASN] -- < --
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 2 builders
00[CFG]     loading cert 'Certificate' failed
00[ASN] L0 - x509:
00[ASN] => 829 bytes @ 0x1f16a10
00[ASN]    0: 30 82 03 39 30 82 02 21 A0 03 02 01 02 02 08 4E
 0..90..!.......N
00[ASN]   16: 59 52 9D E3 84 62 59 30 0D 06 09 2A 86 48 86 F7
 YR...bY0...*.H..
00[ASN]   32: 0D 01 01 05 05 00 30 39 31 0B 30 09 06 03 55 04
 ......091.0...U.
00[ASN]   48: 06 13 02 55 53 31 10 30 0E 06 03 55 04 0A 13 07
 ...US1.0...U....
00[ASN]   64: 45 78 61 6D 70 6C 65 31 18 30 16 06 03 55 04 03
 Example1.0...U..
00[ASN]   80: 13 0F 45 78 61 6D 70 6C 65 20 43 41 20 52 6F 6F  ..Example CA
Roo
00[ASN]   96: 74 30 1E 17 0D 31 34 30 33 30 36 30 30 30 30 32
 t0...14030600002
00[ASN]  112: 30 5A 17 0D 31 37 30 33 30 35 30 30 30 30 32 30
 0Z..170305000020
00[ASN]  128: 5A 30 3C 31 0B 30 09 06 03 55 04 06 13 02 55 53
 Z0<1.0...U....US
00[ASN]  144: 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70
 1.0...U....Examp
00[ASN]  160: 6C 65 31 1B 30 19 06 03 55 04 03 13 12 63 6C 69
 le1.0...U....cli
00[ASN]  176: 65 6E 74 2E 65 78 61 6D 70 6C 65 2E 63 6F 6D 30
 ent.example.com0
00[ASN]  192: 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01
 .."0...*.H......
00[ASN]  208: 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00
 .......0........
00[ASN]  224: BC FB F6 87 4F 4F EF 8D 3A 32 F5 50 B0 D0 2D 58
 ....OO..:2.P..-X
00[ASN]  240: 82 6D 1E E7 3E F2 F3 C4 3C 35 3C 9C CF 7D 3A 49
 .m..>...<5<..}:I
00[ASN]  256: 92 81 21 60 48 BC F0 6F 3F 2C 6F E7 AC 75 7B B9
 ..!`H..o?,o..u{.
00[ASN]  272: 55 28 C9 1B 82 C9 6F A4 DF B9 3C 5D 85 18 9D 22
 U(....o...<]..."
00[ASN]  288: FE 3B 91 32 68 54 EF C8 D9 28 63 0D F2 66 A2 E3
 .;.2hT...(c..f..
00[ASN]  304: 5B F2 41 DB 4F 11 B5 CD 06 6A 50 87 11 2D A5 68
 [.A.O....jP..-.h
00[ASN]  320: EA 59 4A 56 73 17 18 65 F0 63 CF 37 0F F2 9E 8F
 .YJVs..e.c.7....
00[ASN]  336: 64 CF 0D E0 37 DB B6 BB C2 EE F9 F8 D9 61 C5 4E
 d...7........a.N
00[ASN]  352: 14 48 B0 81 FB 15 10 CB B1 8E AA F2 26 8A EC E1
 .H..........&...
00[ASN]  368: 32 58 C0 50 6B 7F 1B C0 FF 53 7E 2F E1 9D FC B1
 2X.Pk....S~/....
00[ASN]  384: C6 D3 34 AC 46 BA DE 49 E8 A5 D8 F0 E2 59 29 E9
 ..4.F..I.....Y).
00[ASN]  400: B7 C6 85 68 D6 FE FF 17 87 E4 AE C4 C6 DA 8E 41
 ...h...........A
00[ASN]  416: 65 C8 B8 93 B1 74 DC 0F 5B 23 C5 39 AE 4A 4A 21
 e....t..[#.9.JJ!
00[ASN]  432: 81 D2 23 EB EE AE DA E8 EE 26 C2 55 1A 91 F4 C9
 ..#......&.U....
00[ASN]  448: 32 88 EB 61 E0 C9 C5 DB 5E DA E8 A4 51 30 D1 0C
 2..a....^...Q0..
00[ASN]  464: 55 F5 62 76 85 08 30 FC 0E AD E2 3D E6 EF 80 65
 U.bv..0....=...e
00[ASN]  480: 02 03 01 00 01 A3 42 30 40 30 1F 06 03 55 1D 23  ......B0 at 0.
..U.#
00[ASN]  496: 04 18 30 16 80 14 A7 1B B6 64 0C A8 14 7E 7D FC
 ..0......d...~}.
00[ASN]  512: 11 0B FB 59 E6 FA 5E 0E C3 33 30 1D 06 03 55 1D
 ...Y..^..30...U.
00[ASN]  528: 11 04 16 30 14 82 12 63 6C 69 65 6E 74 2E 65 78
 ...0...client.ex
00[ASN]  544: 61 6D 70 6C 65 2E 63 6F 6D 30 0D 06 09 2A 86 48
 ample.com0...*.H
00[ASN]  560: 86 F7 0D 01 01 05 05 00 03 82 01 01 00 B1 CC 90
 ................
00[ASN]  576: 4B 4F 84 CE C6 55 81 FB 9D 21 74 6C D0 26 D0 3E
 KO...U...!tl.&.>
00[ASN]  592: DF 3B 98 C0 6B 72 88 A7 DD 0D D1 A6 26 8C 71 08
 .;..kr......&.q.
00[ASN]  608: 6A 79 34 D1 71 15 7F 8E CF 48 A7 21 45 6A 9A BA
 jy4.q....H.!Ej..
00[ASN]  624: F1 9A 03 6D BB A1 8C BC 40 1F DD 9E 38 2D 0D FE  ...m....@
...8-..
00[ASN]  640: 08 9F 9D 44 9A 2A C7 44 1C 1D B1 63 86 10 3F 50
 ...D.*.D...c..?P
00[ASN]  656: 0F FE FD FD A7 B5 5A 18 DA 66 6B A0 4F 79 0F 32
 ......Z..fk.Oy.2
00[ASN]  672: 1E 52 93 81 ED 48 8D D9 9D 7D EF 78 49 52 DD 45
 .R...H...}.xIR.E
00[ASN]  688: 7E B9 21 2D CD 1F 99 27 48 89 D8 F4 5A A0 E2 20
 ~.!-...'H...Z..
00[ASN]  704: CF BB E5 F8 97 0D 4C F1 46 C5 69 EB 30 DB AC 4B
 ......L.F.i.0..K
00[ASN]  720: 2A D9 6B 59 4B 90 9C C7 8F F7 28 7F 61 62 4E BF
 *.kYK.....(.abN.
00[ASN]  736: E0 AF 05 56 74 17 33 17 0D 21 46 D2 2E 49 5B C0
 ...Vt.3..!F..I[.
00[ASN]  752: EF 2E 26 C3 ED BF E9 1D 67 AC 90 A6 AA D1 2F 3E
 ..&.....g...../>
00[ASN]  768: E7 58 B7 46 8D 6D 6E 07 EB C0 50 8C 44 51 A0 09
 .X.F.mn...P.DQ..
00[ASN]  784: B9 39 A2 CC C0 05 E3 34 FF 0F 3B 08 E4 F2 C3 89
 .9.....4..;.....
00[ASN]  800: FA 8D D0 47 B9 33 8E B6 37 A0 C4 42 C9 B1 4F FD
 ...G.3..7..B..O.
00[ASN]  816: 0C 18 EE 11 07 E5 03 20 99 B8 CC 69 1B           ....... ...i.
00[ASN] L1 - tbsCertificate:
00[ASN] => 549 bytes @ 0x1f16a14
00[ASN]    0: 30 82 02 21 A0 03 02 01 02 02 08 4E 59 52 9D E3
 0..!.......NYR..
00[ASN]   16: 84 62 59 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05
 .bY0...*.H......
00[ASN]   32: 05 00 30 39 31 0B 30 09 06 03 55 04 06 13 02 55
 ..091.0...U....U
00[ASN]   48: 53 31 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D
 S1.0...U....Exam
00[ASN]   64: 70 6C 65 31 18 30 16 06 03 55 04 03 13 0F 45 78
 ple1.0...U....Ex
00[ASN]   80: 61 6D 70 6C 65 20 43 41 20 52 6F 6F 74 30 1E 17  ample CA
Root0..
00[ASN]   96: 0D 31 34 30 33 30 36 30 30 30 30 32 30 5A 17 0D
 .140306000020Z..
00[ASN]  112: 31 37 30 33 30 35 30 30 30 30 32 30 5A 30 3C 31
 170305000020Z0<1
00[ASN]  128: 0B 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E
 .0...U....US1.0.
00[ASN]  144: 06 03 55 04 0A 13 07 45 78 61 6D 70 6C 65 31 1B
 ..U....Example1.
00[ASN]  160: 30 19 06 03 55 04 03 13 12 63 6C 69 65 6E 74 2E
 0...U....client.
00[ASN]  176: 65 78 61 6D 70 6C 65 2E 63 6F 6D 30 82 01 22 30
 example.com0.."0
00[ASN]  192: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82
 ...*.H..........
00[ASN]  208: 01 0F 00 30 82 01 0A 02 82 01 01 00 BC FB F6 87
 ...0............
00[ASN]  224: 4F 4F EF 8D 3A 32 F5 50 B0 D0 2D 58 82 6D 1E E7
 OO..:2.P..-X.m..
00[ASN]  240: 3E F2 F3 C4 3C 35 3C 9C CF 7D 3A 49 92 81 21 60
 >...<5<..}:I..!`
00[ASN]  256: 48 BC F0 6F 3F 2C 6F E7 AC 75 7B B9 55 28 C9 1B
 H..o?,o..u{.U(..
00[ASN]  272: 82 C9 6F A4 DF B9 3C 5D 85 18 9D 22 FE 3B 91 32
 ..o...<]...".;.2
00[ASN]  288: 68 54 EF C8 D9 28 63 0D F2 66 A2 E3 5B F2 41 DB
 hT...(c..f..[.A.
00[ASN]  304: 4F 11 B5 CD 06 6A 50 87 11 2D A5 68 EA 59 4A 56
 O....jP..-.h.YJV
00[ASN]  320: 73 17 18 65 F0 63 CF 37 0F F2 9E 8F 64 CF 0D E0
 s..e.c.7....d...
00[ASN]  336: 37 DB B6 BB C2 EE F9 F8 D9 61 C5 4E 14 48 B0 81
 7........a.N.H..
00[ASN]  352: FB 15 10 CB B1 8E AA F2 26 8A EC E1 32 58 C0 50
 ........&...2X.P
00[ASN]  368: 6B 7F 1B C0 FF 53 7E 2F E1 9D FC B1 C6 D3 34 AC
 k....S~/......4.
00[ASN]  384: 46 BA DE 49 E8 A5 D8 F0 E2 59 29 E9 B7 C6 85 68
 F..I.....Y)....h
00[ASN]  400: D6 FE FF 17 87 E4 AE C4 C6 DA 8E 41 65 C8 B8 93
 ...........Ae...
00[ASN]  416: B1 74 DC 0F 5B 23 C5 39 AE 4A 4A 21 81 D2 23 EB
 .t..[#.9.JJ!..#.
00[ASN]  432: EE AE DA E8 EE 26 C2 55 1A 91 F4 C9 32 88 EB 61
 .....&.U....2..a
00[ASN]  448: E0 C9 C5 DB 5E DA E8 A4 51 30 D1 0C 55 F5 62 76
 ....^...Q0..U.bv
00[ASN]  464: 85 08 30 FC 0E AD E2 3D E6 EF 80 65 02 03 01 00
 ..0....=...e....
00[ASN]  480: 01 A3 42 30 40 30 1F 06 03 55 1D 23 04 18 30 16  ..B0 at 0.
..U.#..0.
00[ASN]  496: 80 14 A7 1B B6 64 0C A8 14 7E 7D FC 11 0B FB 59
 .....d...~}....Y
00[ASN]  512: E6 FA 5E 0E C3 33 30 1D 06 03 55 1D 11 04 16 30
 ..^..30...U....0
00[ASN]  528: 14 82 12 63 6C 69 65 6E 74 2E 65 78 61 6D 70 6C
 ...client.exampl
00[ASN]  544: 65 2E 63 6F 6D                                   e.com
00[ASN] L2 - DEFAULT v1:
00[ASN] L3 - version:
00[ASN] => 1 bytes @ 0x1f16a1c
00[ASN]    0: 02                                               .
00[ASN]   X.509v3
00[ASN] L2 - serialNumber:
00[ASN] => 8 bytes @ 0x1f16a1f
00[ASN]    0: 4E 59 52 9D E3 84 62 59                          NYR...bY
00[ASN] L2 - signature:
00[ASN] L3 - algorithmIdentifier:
00[ASN] L4 - algorithm:
00[ASN]   'sha-1WithRSAEncryption'
00[ASN] L2 - issuer:
00[ASN] => 59 bytes @ 0x1f16a36
00[ASN]    0: 30 39 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 091.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 18 30 16 06 03 55 04 03 13 0F 45 78 61 6D
 e1.0...U....Exam
00[ASN]   48: 70 6C 65 20 43 41 20 52 6F 6F 74                 ple CA Root
00[ASN]   'C=US, O=Example, CN=Example CA Root'
00[ASN] L2 - validity:
00[ASN] L3 - notBefore:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 06 00:00:20 UTC 2014'
00[ASN] L3 - notAfter:
00[ASN] L4 - utcTime:
00[ASN]   'Mar 05 00:00:20 UTC 2017'
00[ASN] L2 - subject:
00[ASN] => 62 bytes @ 0x1f16a91
00[ASN]    0: 30 3C 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
 0<1.0...U....US1
00[ASN]   16: 10 30 0E 06 03 55 04 0A 13 07 45 78 61 6D 70 6C
 .0...U....Exampl
00[ASN]   32: 65 31 1B 30 19 06 03 55 04 03 13 12 63 6C 69 65
 e1.0...U....clie
00[ASN]   48: 6E 74 2E 65 78 61 6D 70 6C 65 2E 63 6F 6D
nt.example.com
00[ASN]   'C=US, O=Example, CN=client.example.com'
00[ASN] L2 - subjectPublicKeyInfo:
00[ASN] -- > --
00[ASN] -- < --
00[LIB] building CRED_CERTIFICATE - X509 failed, tried 2 builders
00[CFG]     loading cert 'Certificate' failed
00[LIB] loading feature PRIVKEY:ANY in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_2048 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_2048_224 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_2048_256 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_1536 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_3072 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_4096 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_6144 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_8192 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_1024 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_1024_160 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_768 in plugin 'pkcs11'
00[LIB] loading feature DH:MODP_CUSTOM in plugin 'pkcs11'
00[LIB] loading feature CRYPTER:AES_CBC-16 in plugin 'aes'
00[LIB] loading feature CRYPTER:AES_CBC-24 in plugin 'aes'
00[LIB] loading feature CRYPTER:AES_CBC-32 in plugin 'aes'
00[LIB] loading feature CRYPTER:3DES_CBC-24 in plugin 'des'
00[LIB] loading feature CRYPTER:DES_CBC-8 in plugin 'des'
00[LIB] loading feature CRYPTER:DES_ECB-8 in plugin 'des'
00[LIB] loading feature CRYPTER:RC2_CBC-0 in plugin 'rc2'
00[LIB] loading feature PRF:PRF_KEYED_SHA1 in plugin 'sha1'
00[LIB] loading feature HASHER:HASH_SHA224 in plugin 'sha2'
00[LIB] loading feature HASHER:HASH_SHA256 in plugin 'sha2'
00[LIB] loading feature HASHER:HASH_SHA384 in plugin 'sha2'
00[LIB] loading feature HASHER:HASH_SHA512 in plugin 'sha2'
00[LIB] loading feature HASHER:HASH_MD5 in plugin 'md5'
00[LIB] loading feature CERT_ENCODE:X509 in plugin 'x509'
00[LIB] loading feature CERT_ENCODE:X509_AC in plugin 'x509'
00[LIB] loading feature CERT_DECODE:X509_AC in plugin 'x509'
00[LIB] loading feature CERT_ENCODE:X509_CRL in plugin 'x509'
00[LIB] loading feature CERT_DECODE:X509_CRL in plugin 'x509'
00[LIB] loading feature CERT_ENCODE:X509_OCSP_REQUEST in plugin 'x509'
00[LIB] loading feature CERT_DECODE:X509_OCSP_RESPONSE in plugin 'x509'
00[LIB] loading feature CERT_ENCODE:PKCS10_REQUEST in plugin 'x509'
00[LIB] loading feature CERT_DECODE:PKCS10_REQUEST in plugin 'x509'
00[LIB] loading feature CUSTOM:revocation in plugin 'revocation'
00[LIB]   loading feature CERT_DECODE:X509_OCSP_RESPONSE in plugin 'pem'
00[LIB]   loading feature CERT_DECODE:X509_CRL in plugin 'pem'
00[LIB]   feature CUSTOM:revocation in plugin 'revocation' has unmet soft
dependency: FETCHER:(null)
00[LIB] loading feature CUSTOM:constraints in plugin 'constraints'
00[LIB] loading feature CERT_ENCODE:TRUSTED_PUBKEY in plugin 'pubkey'
00[LIB] loading feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pubkey'
00[LIB]   feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pubkey' has unmet
soft dependency: PUBKEY:ECDSA
00[LIB]   feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pubkey' has unmet
soft dependency: PUBKEY:DSA
00[LIB] loading feature PRIVKEY:RSA in plugin 'pkcs1'
00[LIB] loading feature PUBKEY:ANY in plugin 'pkcs1'
00[LIB] loading feature CONTAINER_DECODE:PKCS7 in plugin 'pkcs7'
00[LIB] loading feature CONTAINER_ENCODE:PKCS7_DATA in plugin 'pkcs7'
00[LIB] loading feature CONTAINER_ENCODE:PKCS7_SIGNED_DATA in plugin 'pkcs7'
00[LIB] loading feature CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA in plugin
'pkcs7'
00[LIB] loading feature PRIVKEY:ANY in plugin 'pkcs8'
00[LIB] loading feature PRIVKEY:RSA in plugin 'pkcs8'
00[LIB] loading feature PRIVKEY:ECDSA in plugin 'pkcs8'
00[LIB] loading feature CONTAINER_DECODE:PKCS12 in plugin 'pkcs12'
00[LIB]   loading feature PRIVKEY:ANY in plugin 'pgp'
00[LIB]   loading feature PRIVKEY:ANY in plugin 'pem'
00[LIB] loading feature PRIVKEY:RSA in plugin 'pgp'
00[LIB] loading feature PUBKEY:ANY in plugin 'pgp'
00[LIB] loading feature CERT_DECODE:PGP in plugin 'pgp'
00[LIB] loading feature PUBKEY:ANY in plugin 'dnskey'
00[LIB] loading feature PUBKEY:ANY in plugin 'sshkey'
00[LIB] loading feature PRIVKEY:RSA in plugin 'pem'
00[LIB]   loop detected while loading PRIVKEY:RSA in plugin 'pem'
00[LIB]   loading feature PRIVKEY:RSA in plugin 'gmp'
00[LIB] loading feature PRIVKEY:ECDSA in plugin 'pem'
00[LIB] loading feature PRIVKEY:DSA in plugin 'pem'
00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency:
PRIVKEY:DSA
00[LIB] loading feature PUBKEY:ANY in plugin 'pem'
00[LIB] loading feature CERT_DECODE:ANY in plugin 'pem'
00[LIB]   loading feature CERT_DECODE:PGP in plugin 'pem'
00[LIB] loading feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem'
00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet
dependency: CERT_DECODE:X509_OCSP_REQUEST
00[LIB] loading feature CERT_DECODE:X509_AC in plugin 'pem'
00[LIB] loading feature CERT_DECODE:PKCS10_REQUEST in plugin 'pem'
00[LIB] loading feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem'
00[LIB] loading feature CONTAINER_DECODE:PKCS12 in plugin 'pem'
00[LIB] loading feature PRF:PRF_FIPS_SHA1_160 in plugin 'fips-prf'
00[LIB] loading feature DH:MODP_2048 in plugin 'gmp'
00[LIB] loading feature DH:MODP_2048_224 in plugin 'gmp'
00[LIB] loading feature DH:MODP_2048_256 in plugin 'gmp'
00[LIB] loading feature DH:MODP_1536 in plugin 'gmp'
00[LIB] loading feature DH:MODP_3072 in plugin 'gmp'
00[LIB] loading feature DH:MODP_4096 in plugin 'gmp'
00[LIB] loading feature DH:MODP_6144 in plugin 'gmp'
00[LIB] loading feature DH:MODP_8192 in plugin 'gmp'
00[LIB] loading feature DH:MODP_1024 in plugin 'gmp'
00[LIB] loading feature DH:MODP_1024_160 in plugin 'gmp'
00[LIB] loading feature DH:MODP_768 in plugin 'gmp'
00[LIB] loading feature DH:MODP_CUSTOM in plugin 'gmp'
00[LIB] loading feature PRIVKEY_GEN:RSA in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512 in plugin 'gmp'
00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5 in plugin 'gmp'
00[LIB] loading feature PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1 in plugin 'gmp'
00[LIB] loading feature PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1 in plugin 'gmp'
00[LIB] loading feature PRF:PRF_AES128_XCBC in plugin 'xcbc'
00[LIB] loading feature PRF:PRF_CAMELLIA128_XCBC in plugin 'xcbc'
00[LIB] feature PRF:PRF_CAMELLIA128_XCBC in plugin 'xcbc' has unmet
dependency: CRYPTER:CAMELLIA_CBC-16
00[LIB] loading feature SIGNER:CAMELLIA_XCBC_96 in plugin 'xcbc'
00[LIB] feature SIGNER:CAMELLIA_XCBC_96 in plugin 'xcbc' has unmet
dependency: CRYPTER:CAMELLIA_CBC-16
00[LIB] loading feature SIGNER:AES_XCBC_96 in plugin 'xcbc'
00[LIB] loading feature PRF:PRF_AES128_CMAC in plugin 'cmac'
00[LIB] loading feature SIGNER:AES_CMAC_96 in plugin 'cmac'
00[LIB] loading feature PRF:PRF_HMAC_SHA1 in plugin 'hmac'
00[LIB] loading feature PRF:PRF_HMAC_MD5 in plugin 'hmac'
00[LIB] loading feature PRF:PRF_HMAC_SHA2_256 in plugin 'hmac'
00[LIB] loading feature PRF:PRF_HMAC_SHA2_384 in plugin 'hmac'
00[LIB] loading feature PRF:PRF_HMAC_SHA2_512 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA1_96 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA1_128 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA1_160 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_MD5_96 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_MD5_128 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_256_128 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_256_256 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_384_192 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_384_384 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_512_256 in plugin 'hmac'
00[LIB] loading feature SIGNER:HMAC_SHA2_512_512 in plugin 'hmac'
00[LIB] loading feature CUSTOM:attr in plugin 'attr'
00[LIB] loading feature CUSTOM:resolve in plugin 'resolve'
00[LIB] loading feature CUSTOM:stroke in plugin 'stroke'
00[LIB]   feature CUSTOM:stroke in plugin 'stroke' has unmet soft
dependency: PRIVKEY:DSA
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] found key on PKCS#11 token 'opensc-module':1
00[CFG]   loaded private key from %smartcard1:45
00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc'
failed
00[LIB] loading feature CUSTOM:updown in plugin 'updown'
00[LIB] loading feature XAUTH_SERVER:generic in plugin 'xauth-generic'
00[LIB] loading feature XAUTH_CLIENT:generic in plugin 'xauth-generic'
00[LIB] loaded plugins: charon pkcs11 aes des rc2 sha1 sha2 md5 random
nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve
socket-default stroke updown xauth-generic
00[LIB] unable to load 6 plugin features (6 due to unmet dependencies)
00[JOB] spawning 16 worker threads
02[LIB] created thread 02 [9576]
01[LIB] created thread 01 [9575]
05[LIB] created thread 05 [9579]
04[LIB] created thread 04 [9578]
03[LIB] created thread 03 [9577]
07[LIB] created thread 07 [9581]
09[LIB] created thread 09 [9583]
08[LIB] created thread 08 [9582]
10[LIB] created thread 10 [9584]
11[LIB] created thread 11 [9585]
06[LIB] created thread 06 [9580]
12[LIB] created thread 12 [9586]
13[LIB] created thread 13 [9587]
14[LIB] created thread 14 [9588]
15[LIB] created thread 15 [9589]
16[LIB] created thread 16 [9590]
03[CFG] module 'opensc-module' does not support hot-plugging, cancelled


Any help is greatly appreciated.  I am happy to contribute a patch if it is
needed and someone can point me in the right direction.

Cheers,
  Stephen

*--*

*Stephen Wilcox*

*Sr. Software Engineer - Tyfone, Inc.*

*Portland | Bangalore | Taipei*

*www.tyfone.com* <http://www.tyfone.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140305/e2985c24/attachment-0001.html>


More information about the Users mailing list