[strongSwan] TLS handshake negotiation fail

yukou katori k10lie.tech at yahoo.co.uk
Thu Feb 25 08:51:56 CET 2016


Hi,
I'm setting up an EAP-TTLS-Radius client on StrongSwan 5.3.5.
Client(StrongSwan5.3.5) --- authenticator --- TTLS Server/Radius Server(Freeradius2.1.12)
I got the following error when the client tries to connect.
> Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=AAA, O=OOO, CN=TEST'
I installed the certificate of the server: ipsec.d/certs/

/usr/local/etc/ipsec.d# ls certs/server.pem
When I checked with "ipsec listall", no item under "List of X.509 End Entity Certificates" is listed.
Is the way I store the certificate wrong? Or is there another reason? (e.g. not enough plugins)
Regards,
Log:
Feb 25 14:41:13 tester charon: 05[TLS] negotiated TLS 1.0 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Feb 25 14:41:13 tester charon: 05[TLS] processing TLS Handshake record (708 bytes)
Feb 25 14:41:13 tester charon: 05[TLS] received TLS Certificate handshake (704 bytes)
Feb 25 14:41:13 tester charon: 05[LIB] signature verification:
Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=ES, O=ACCV, CN=ACCVRAIZ1'
Feb 25 14:41:13 tester charon: 05[TLS] buffering 254 bytes, 254 bytes of 530 byte TLS record received
Feb 25 14:41:13 tester charon: 05[TLS] sending fatal TLS alert 'access denied'