[strongSwan] Query on client authentication using EAP-TLS
Akash Deep
everakash at gmail.com
Mon Feb 23 15:04:04 CET 2015
Hi,
In* ipsec.secrets* I have given the following key:
:RSA fap-tls-10.prv
223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org %any : PSK abcd
223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org : EAP abcdedfgh
Still facing the issue.
Regards,
Akash
On Mon, Feb 23, 2015 at 6:36 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Akash,
>
> > no TLS peer certificate found for '
> 223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client
> authentication
> > EAP_TLS method failed
>
> As the TLS stack does not find a usable certificate with a private for
> your ID, it skips client authentication. Your server most likely
> requires that, though, and therefore cancels the TLS handshake.
>
> Check if you have configured the private key for your client certificate
> in ipsec.secrets, there is no related error in the startup log and that
> "ipsec listcerts" shows "has private key" for your client certificate.
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150223/7484429d/attachment.html>
More information about the Users
mailing list