[strongSwan] PKCS#12 and leftid

Jacques Monin jacques.monin01 at gmail.com
Tue May 12 17:55:41 CEST 2015


After reading your explanations, I tried :

1)
leftid="C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=
jacques.monin01 at gmail.com"
I get : no private key found for 'C=FR, ST=R??gion Parisienne, L=Paris,
OU=Org, CN=1.Org, E=jacques.monin01 at gmail.com'

2)
leftid=asn1dn:"C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=
jacques.monin01 at gmail.com"
I get :  no private key found for ''

3)
leftid=dn:"C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=
jacques.monin01 at gmail.com"
I get :  no private key found for '64:6e:3a:20:43:3d:46...'

Do you have a hint for this ?
Did I misunderstood something ?

Thx for your help

2015-05-12 10:14 GMT+02:00 Martin Willi <martin at strongswan.org>:

>
> > I don't really get how I'm supposed to use leftid, am I supposed to find
> a
> > string-ASN.1 converter ?
>
> No, you define a string representation of your identity. strongSwan
> detects the identity type, and tries to convert it to the appropriate
> binary encoding (ASN.1 in the case of a DN).
>
> While you can specify the raw binary encoding in leftid using the
> asn1dn: or other prefixes, this is usually not required. Refer to the
> ipsec.conf manpage for details about the leftid option.
>
> If your certificate encodes the RDN as UTF8String, and your accent
> characters are encoded properly in UTF-8, it should be possible to
> create a matching subject using leftid if your ipsec.conf is UTF-8
> encoded.
>
> > Is there an other way to specify the certification we want to use that
> > using leftid ?
>
> As previously discussed, you can use leftcert to directly select a plain
> X.509 certificate from a certificate file or smartcard slot. But that
> won't work for PKCS#12. To alternatively select the certificate by
> leftid, specify an identity contained in the certificate with one of the
> options from above.
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150512/2c6a2bee/attachment-0001.html>


More information about the Users mailing list