[strongSwan] charon: 13[IKE] no trusted RSA public key found
Michael C. Cambria
mcc at fid4.com
Wed Jun 3 14:56:46 CEST 2015
Hi,
I have StrongSwan as both ends of a tunnel. One end is using ipsec.conf
and the other is using MySql, the later based on [0]
When the MySql side tried to initiate a connection, I get:
Jun 2 15:14:05 thing0 charon: 13[CFG] no issuer certificate found for
"C=US, O=Test, CN=test.example.com"
Jun 2 15:14:05 thing0 charon: 13[IKE] no trusted RSA public key found
for 'test.example.com'
Jun 2 15:14:05 thing0 charon: 13[ENC] generating INFORMATIONAL request
2 [ N(AUTH_FAILED) ]
The remote end likes the CA Cert and responds, so the SQL for the cert
seems correct.
On the sql side, if I put the PEM self signed CA Cert in ipsec.d/cacert
and it's key in ipsec.d/private, restart StrongSwan... the connection
does come up (the sql is not modified, the cert etc is still there.)
In the SQL, the first 3 identities are for the CA Cert; id2sql of "C=US,
O=Test, CN=test.example.com", subjectPublicKey and subjectPublicKeyInfo.
Any suggestions?
Thanks,
MikeC
[0]
http://www.strongswan.org/uml/testresults43/sql/net2net-cert/moon.ipsec.sql
More information about the Users
mailing list