[strongSwan] Question regarding smartcard configuration

Marian Thieme marian.thieme at gmail.com
Wed Dec 23 23:02:03 CET 2015

Hi Tobias,

thank you a lot for the assistance ! ... so far =)

I could partially solve the pkcs11 engine plugin load issue. For some
reason it only works if I specify plugins statically. Any idea why this
is the case ? As an attempt I currently load the following modules:

charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl
revocation hmac xcbc stroke kernel-netlink socket-default openssl pkcs11

Now, unfortunately, the charon aborts after reading the certificates
from the card. The last logs are:

Dec 23 22:38:39 00[CFG]     loaded untrusted cert 'Marian Thieme ENC 11'
Dec 23 22:38:39 00[LIB] failed to load 1 critical plugin feature
Dec 23 22:38:39 00[DMN] initialization failed - aborting charon

Do have an idea which feature is meant or what/where to check ?

I was thinking it is because the certificate is untrusted.
However, I did provide the relevant intermediate and root certificate in
cacerts folder. And the logs actually show that they were loaded:

Dec 23 22:38:39 00[CFG]   loaded ca certificate "CN=TrustedRoot, O=Any,
C=DE" from '/usr/local/etc/ipsec.d/cacerts/TrustedRoot.der'
Dec 23 22:38:39 00[CFG]   loaded ca certificate "CN=TrustedRoot
Client-CA, O=Any, C=DE" from

and this actually match the issuer of my personal cert:

Dec 23 22:38:39 00[ASN] L2 - issuer:
Dec 23 22:38:39 00[ASN] => 72 bytes @ 0x000000080246fd26
Dec 23 22:38:39 00[ASN]   'CN=TrustedRoot Client-CA, O=Any, C=DE'

Thank you very much again for your help,

More information about the Users mailing list