[strongSwan] DN-based ID not confirmed by Certificate
andreas.steffen at strongswan.org
Sat May 31 14:03:11 CEST 2014
the comma ',' and slash '/' are reserved characters separating the
individual Relative Distinguished Names (RDNs) as C=US or ST=California.
Therefore O=Company, Inc is currently not supported. Tobias is working
on a workaround where ',' in an RDN would be supported if the
alternative '/' separator would be used.
On 05/30/2014 09:19 PM, Aaron Edwards wrote:
> Hi All,
> Looking for some troubleshooting direction here.
> I'm setting up a strongswan to strongswan VPN, authenticating using
> DN-based IDs on certificates from a private CA.
> I've done this a *bunch* of times before with earlier self-compiled
> versions (5.0.1-5.1.0), however in 5.1.2 that comes with Ubuntu 14.04,
> Strongswan does not seem to like my ID:
> May 30 18:54:12 office-gilligan charon: 10[CFG] id 'C=US,
> ST=California, L=Santa Clara, O=Company, Inc, OU=Marketing,
> CN=office.company.com <http://office.company.com>' not confirmed by
> certificate, defaulting to 'C=US, ST=California, L=Santa Clara,
> O=Company, Inc, OU=Marketing, CN=office.company.com
> Later on, when the peer tries to connect, I get a "peer config not
> found". Note - I am not using SANs in my certificates (thus why I have
> been doing DN-based auth), which has worked before.
> Are there any changes/ known bugs from 5.1.0 to 5.1.2 that could cause
> this? If not, are there any configuration/compilation options that could
> cause this? Just looking for ideas on what to try next.
> Users mailing list
> Users at lists.strongswan.org
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users