[strongSwan] no private key found with ECDSA certificate

Noel Kuntze noel at familie-kuntze.de
Wed May 27 13:56:15 CEST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Mark,

Well, did you enter the ECDSA private key in ipsec.secrets as you did with the RSA key?

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 27.05.2015 um 04:52 schrieb Mark M:
> I am trying to use ECDSA certificates with my setup and I keep getting "no private key found" on my strongswan server when a client connects. I am using CentOS 7 and strongSwan 5.2.0. I am using the android client to connect and the certificate authentication works fine on the Android device.
>
> Any ideas on what would cause the private key to not be found or be authenticated correctly?
>
>
> 14[CFG]   using trusted ca certificate "C=US, ST=MA, L=SELF, O=SSCA, OU=SS, CN=192.168.1.7"
> 14[CFG] checking certificate status of "C=US, ST=MA, L=SELF, O=SSCA, OU=SS, CN=phone1ecc"
> 14[CFG] certificate status is not available
> 14[CFG]   reached self-signed root ca with a path length of 0
> 14[IKE] authentication of 'C=US, ST=MA, L=SELF, O=SSCA, OU=SS, CN=phone1ecc' with ECDSA-384 signature successful
> 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
> 14[IKE] peer supports MOBIKE
> 14[IKE] no private key found for 'C=US, ST=MA, L=SELF, OU=SSCA'
> 14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> 14[NET] sending packet: from 192.168.1.7[4500] to 70.162.232.57[5477] (88 bytes)
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVZbDdAAoJEDg5KY9j7GZYdrQP+gKX2Z6UnuuBm3axA47uBFeJ
U++oz8UJ5jN/FW4CMBjvKZJGJPMq+VblMbqZZGMAEE2Mgjm6z9olaDVj0Sl0cO1E
1M0HsNeBbQHb23Pb1p2/wMyCyfFFHPTEWLIqDeNHALOzguGiPVMlibZ/FogCeTjV
8qPfcwgYebQcAujOv8GEm1IWAn1/ZmnXsTbMDz6J3VT09Cjh0dQ5o32s6U0PoT4Y
93V5FLDSJIo0INMVG+RRPqoEt20PVTRyCFLTFaex3HJWgb/O3JKn6WXrdaMKOVex
KjRNkWvoqwg2LWB7sjEScNjrECOtUddBeG9Kx5p/kbs9jsB8Ftx+XKE+gSkXeKtt
qS9HpvAF78v2/aCPLbCYR2fxhxJgaX0Ofh2NQzYV55kFpHgYfH7/5U4tTN6/Go5H
xx/iZBdPr54I4FbWiUid4pMu1zDV2Uwrd7eCpjkpMbYLWUvOXRfztjklZL48K44P
F5Lh8EU5JBl10XI3OFU+tox8A1ZVE03ljeBkFwJfwScRvvAZMUBgnGlGiPmaFPBs
zgVNhmdswvvdikfL8y5E/t2UMMQgDCQpfOPIB+qrWkhGtXtddc2AYZnbRW+Gju4f
Y3Ad6nRh6AAGZbRlGPoc3pGCF2oP+p0yMOIY2QexUn32VSLff8W6Q5ymVVn6KPfx
ogdvtfSe+cOHsuYIW9WT
=koBw
-----END PGP SIGNATURE-----

More information about the Users mailing list