[strongSwan] DN-based ID not confirmed by Certificate

Andreas Steffen andreas.steffen at strongswan.org
Sat May 31 14:03:11 CEST 2014


Hi Aaron,

The comma ',' and slash '/' are reserved characters separating the
individual Relative Distinguished Names (RDNs) such as C=US or ST=California.
Therefore O=Company, Inc is currently not supported. Tobias is working
on a workaround where ',' in an RDN would be supported if the
alternative '/' separator is used.

http://git.strongswan.org/?p=strongswan.git;a=commit;h=b500fc687a7b1d12e787540d31224d2d0a233395

Best regards

Andreas

On 05/30/2014 09:19 PM, Aaron Edwards wrote:
> Hi All,
> 
> Looking for some troubleshooting direction here.
> 
> I'm setting up a strongswan to strongswan VPN, authenticating using
> DN-based IDs on certificates from a private CA. 
> 
> I've done this a *bunch* of times before with earlier self-compiled
> versions (5.0.1-5.1.0), however in 5.1.2 that comes with Ubuntu 14.04,
> Strongswan does not seem to like my ID:
> 
> May 30 18:54:12 office-gilligan charon: 10[CFG]   id 'C=US,
> ST=California, L=Santa Clara, O=Company, Inc, OU=Marketing,
> CN=office.company.com' not confirmed by
> certificate, defaulting to 'C=US, ST=California, L=Santa Clara,
> O=Company, Inc, OU=Marketing, CN=office.company.com'
> 
> Later on, when the peer tries to connect, I get a "peer config not
> found". Note - I am not using SANs in my certificates (thus why I have
> been doing DN-based auth), which has worked before.
> 
> Are there any changes/ known bugs from 5.1.0 to 5.1.2 that could cause
> this? If not, are there any configuration/compilation options that could
> cause this? Just looking for ideas on what to try next.
> 
> Thanks,
> Aaron
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
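
The separator rule described in the reply above, as an added illustration that is not part of the original message and not strongSwan's parser. The leading-'/' spelling of the alternative separator form, the function names and the sample subject are assumptions made for this sketch.

```python
import re

# Constructed certificate subject, as (attribute type, value) pairs.
SUBJECT = [("C", "US"), ("ST", "California"), ("L", "Santa Clara"),
           ("O", "Company, Inc"), ("OU", "Marketing"),
           ("CN", "office.company.com")]

COMMA_ID = ("C=US, ST=California, L=Santa Clara, O=Company, Inc, "
            "OU=Marketing, CN=office.company.com")
# Assumed spelling of the '/'-separated form (leading slash).
SLASH_ID = ("/C=US/ST=California/L=Santa Clara/O=Company, Inc"
            "/OU=Marketing/CN=office.company.com")


def parse_dn(text):
    """Split a DN string into (type, value) RDN pairs.

    Sketch rules: ',' and '/' both separate RDNs; if the string starts
    with '/', only '/' separates, so ',' may appear inside a value.
    """
    text = text.strip()
    if text.startswith("/"):
        parts = text[1:].split("/")
    else:
        parts = re.split(r"[,/]", text)
    rdns = []
    for part in parts:
        key, eq, value = part.partition("=")
        if not eq or not key.strip():
            raise ValueError(f"fragment {part.strip()!r} is not type=value")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns


def id_matches_subject(config_id, subject):
    """True only if the configured ID parses to exactly the subject RDNs."""
    try:
        return parse_dn(config_id) == subject
    except ValueError:
        return False


if __name__ == "__main__":
    for label, dn in (("comma", COMMA_ID), ("slash", SLASH_ID)):
        print(label, "->", id_matches_subject(dn, SUBJECT))
```

With the comma form, "Inc" is split off as a fragment with no attribute type, so the configured ID can never equal the certificate subject; the '/'-separated form keeps "Company, Inc" as one value.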
