[strongSwan] Question regarding smartcard configuration
marian.thieme at gmail.com
Wed Dec 23 23:02:03 CET 2015
thank you a lot for the assistance ! ... so far =)
I could partially solve the pkcs11 engine plugin load issue. For some
reason it only works if I specify plugins statically. Any idea why this
is the case ? As an attempt I currently load the following modules:
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl
revocation hmac xcbc stroke kernel-netlink socket-default openssl pkcs11
Now, unfortunately, the charon aborts after reading the certificates
from the card. The last logs are:
Dec 23 22:38:39 00[CFG] loaded untrusted cert 'Marian Thieme ENC 11'
Dec 23 22:38:39 00[LIB] failed to load 1 critical plugin feature
Dec 23 22:38:39 00[DMN] initialization failed - aborting charon
Do have an idea which feature is meant or what/where to check ?
I was thinking it is because the certificate is untrusted.
However, I did provide the relevant intermediate and root certificate in
cacerts folder. And the logs actually show that they were loaded:
Dec 23 22:38:39 00[CFG] loaded ca certificate "CN=TrustedRoot, O=Any,
C=DE" from '/usr/local/etc/ipsec.d/cacerts/TrustedRoot.der'
Dec 23 22:38:39 00[CFG] loaded ca certificate "CN=TrustedRoot
Client-CA, O=Any, C=DE" from
and this actually match the issuer of my personal cert:
Dec 23 22:38:39 00[ASN] L2 - issuer:
Dec 23 22:38:39 00[ASN] => 72 bytes @ 0x000000080246fd26
Dec 23 22:38:39 00[ASN] 'CN=TrustedRoot Client-CA, O=Any, C=DE'
Thank you very much again for your help,
More information about the Users