[strongSwan] PrintableString format is used for IDENTIFICATION when certificate is encoded with UTF8String

pothuganti sridhar pothuganti.sridhar at gmail.com
Mon Jul 25 17:38:45 CEST 2016

Hi All,

I'm facing an issue in which the connection with a Cisco EZVPN client is
failing with the error "The Peer certificate doesn't match with Phase1
ID". The issue is occurring in strongSwan version 5.2.0. We are using
IKEv1 to establish a tunnel between the Cisco EZVPN client and strongSwan.

We found the cause to be a mismatch in the string formats between the
Identification and Certificate payloads in the 6th message of Phase 1.

The certificate uses UTF8String format for encoding the RDN whereas the
Identification payload uses PrintableString format.

Is there any specific reason behind the usage of PrintableString format
irrespective of the encoding format used in the certificate?
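
Added example, not part of the original post and not strongSwan or Cisco code: a minimal DER sketch of the mismatch described above, in which the same DN encoded with UTF8String (tag 0x0C) and with PrintableString (tag 0x13) differs byte-for-byte but matches once the string tag is ignored. The DN values, helper names and the tag-insensitive comparison are assumptions for illustration; full RFC 5280 name matching also normalizes case and whitespace.

```python
# Added example: constructed DNs, not taken from the poster's certificates.
PRINTABLE, UTF8 = 0x13, 0x0C          # ASN.1 universal string tags
OID_O = bytes.fromhex("060355040a")   # 2.5.4.10 organizationName (DER TLV)
OID_CN = bytes.fromhex("0603550403")  # 2.5.4.3 commonName (DER TLV)

def tlv(tag, body):
    """DER TLV with a short-form length (enough for this sample)."""
    if len(body) >= 128:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(body)]) + body

def build_dn(string_tag, rdns):
    """Encode a DN whose attribute values all use one string type."""
    out = b""
    for oid, value in rdns:
        atv = tlv(0x30, oid + tlv(string_tag, value.encode("utf-8")))
        out += tlv(0x31, atv)         # one attribute per RDN SET
    return tlv(0x30, out)

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for a short-form TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length >= 128 or pos + 2 + length > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def parse_dn(der):
    """Decode to [(oid_bytes, string_tag, text)], one entry per RDN."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    rdns, pos = [], 0
    while pos < len(body):
        _, rdn_set, pos = read_tlv(body, pos)
        _, atv, _ = read_tlv(rdn_set, 0)
        _, oid, vpos = read_tlv(atv, 0)
        vtag, val, _ = read_tlv(atv, vpos)
        rdns.append((oid, vtag, val.decode("utf-8")))
    return rdns

def same_name(a, b):
    """Compare attribute types and values, ignoring the string tag."""
    strip = lambda dn: [(oid, text) for oid, _, text in parse_dn(dn)]
    return strip(a) == strip(b)

SAMPLE = [(OID_O, "Example Org"), (OID_CN, "gw.example.test")]  # constructed
CERT_SUBJECT = build_dn(UTF8, SAMPLE)       # as encoded in the certificate
ID_PAYLOAD_DN = build_dn(PRINTABLE, SAMPLE)  # as sent in the ID payload
```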
