[strongSwan] Query on client authentication using EAP-TLS

Akash Deep everakash at gmail.com
Mon Feb 23 15:04:04 CET 2015


In* ipsec.secrets* I have given the following key:

:RSA fap-tls-10.prv

223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org %any : PSK abcd
223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org : EAP abcdedfgh

Still facing the issue.


On Mon, Feb 23, 2015 at 6:36 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi Akash,
> > no TLS peer certificate found for '
> 223456789123456 at nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client
> authentication
> > EAP_TLS method failed
> As the TLS stack does not find a usable certificate with a private for
> your ID, it skips client authentication. Your server most likely
> requires that, though, and therefore cancels the TLS handshake.
> Check if you have configured the private key for your client certificate
> in ipsec.secrets, there is no related error in the startup log and that
> "ipsec listcerts" shows "has private key" for your client certificate.
> Regards
> Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150223/7484429d/attachment.html>

More information about the Users mailing list