[strongSwan] No private key found
rajeev nohria
rajnohria at gmail.com
Tue Dec 12 16:19:27 CET 2017
PEM format files..
On Tue, Dec 12, 2017 at 9:33 AM, rajeev nohria <rajnohria at gmail.com> wrote:
> This is at originator side where we are seeing the issue..
>
> ~# ipsec listcerts
>
> List of X.509 End Entity Certificates
>
> subject: "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> CN=FF:FF:05:E6:E6:20"
> issuer: "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
> Device Certification Authority"
> validity: not before Sep 14 16:13:24 2017, ok
> not after Sep 14 16:13:24 2018, ok (expires in 276 days)
> serial: 01:ff:ff:05:e6:e6:20
> authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
> subjkeyId: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
> pubkey: RSA 2048 bits, has private key
> keyid: 85:d3:eb:51:9a:a8:1e:f6:ff:14:ee:cc:64:f6:2f:e0:32:99:1b:ce
> subjkey: 71:83:c0:b4:3e:40:06:f1:e5:30:d2:14:2c:82:e7:76:13:37:f4:6f
>
> On Mon, Dec 11, 2017 at 4:11 PM, rajeev nohria <rajnohria at gmail.com>
> wrote:
>
>> Let me know if you need more info..
>>
>> On Mon, Dec 11, 2017 at 2:45 PM, rajeev nohria <rajnohria at gmail.com>
>> wrote:
>>
>>> Please find the key and config. I am using davici so I am printing the
>>> configuration from log as commands are executing.
>>>
>>> Load-Connection command
>>> Section start rpdfc00:cada:c404::200
>>> Version is 2
>>> Local_addrs is fc00:cada:c404:607::1004
>>> remote_addrs is fc00:cada:c404::200
>>> local_port is 500
>>> remote_port is 500
>>> proposals is aes128-sha256-modp2048
>>> local section
>>> auth is pubkey
>>> RPD ip address is fc00:cada:c404:607::1004
>>> id is C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
>>> CN=FF:FF:05:E6:E6:20
>>> remote
>>> id is %any
>>> auth is pubkey
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Dec 11, 2017 at 10:39 AM, Jafar Al-Gharaibeh <jafar at atcorp.com>
>>> wrote:
>>>
>>>> Can you share your config/secret files ?
>>>>
>>>> --Jafar
>>>>
>>>>
>>>> On 12/11/2017 9:17 AM, rajeev nohria wrote:
>>>>
>>>> Anyone can help in this issue, I have setup the id with Subject id.
>>>> Still have this issue. Is anything else I am missing?
>>>> Thanks,
>>>> Rajeev
>>>>
>>>> On Tue, Nov 14, 2017 at 12:44 PM, rajeev nohria <rajnohria at gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>> Not sure what is wrong here, Can you let me know if I am missing
>>>>> something here.
>>>>>
>>>>>
>>>>>
>>>>> 16[KNL] creating acquire job for policy fc00:cada:c406:607::1001/128[tcp/43005]
>>>>> === fc00:cada:c406::200/128[tcp/8190] with reqid {2}
>>>>>
>>>>> 2017-11-13 15:58:56,001-HalTransport.py-94-INFO-Start a agent
>>>>> transport interface, path = [/tmp/Hal/agent/client/1/push]
>>>>>
>>>>> 15[IKE] initiating IKE_SA rpdfc00:cada:c406::200[1] to
>>>>> fc00:cada:c406::200
>>>>>
>>>>> 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
>>>>> N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
>>>>>
>>>>> 15[NET] sending packet: from fc00:cada:c406:607::1001[500] to
>>>>> fc00:cada:c406::200[500] (456 bytes)
>>>>>
>>>>> 10[NET] received packet: from fc00:cada:c406::200[500] to
>>>>> fc00:cada:c406:607::1001[500] (453 bytes)
>>>>>
>>>>> 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
>>>>>
>>>>> 10[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root
>>>>> CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>
>>>>> 10[IKE] received 1 cert requests for an unknown ca
>>>>>
>>>>> 10[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device
>>>>> CA01, CN=TEST CableLabs Device Certification Authority"
>>>>>
>>>>> 10[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root
>>>>> CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>
>>>>> 10[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA
>>>>> Remote Device Certificate, CN=FF:FF:05:E6:E6:20'
>>>>>
>>>>> 13[KNL] creating delete job for CHILD_SA ESP/0x00000000/fc00:cada:c406:
>>>>> :200
>>>>>
>>>>> 08[JOB] CHILD_SA ESP/0x00000000/fc00:cada:c406::200 not found for
>>>>> delete
>>>>>
>>>>> 06[KNL] creating acquire job for policy fc00:cada:c406:607::1001/128[tcp/39047]
>>>>> === fc00:cada:c406::200/128[tcp/8190] with reqid {2}
>>>>>
>>>>> 16[IKE] initiating IKE_SA rpdfc00:cada:c406::200[2] to
>>>>> fc00:cada:c406::200
>>>>>
>>>>> 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
>>>>> N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
>>>>>
>>>>> 16[NET] sending packet: from fc00:cada:c406:607::1001[500] to
>>>>> fc00:cada:c406::200[500] (456 bytes)
>>>>>
>>>>> 11[NET] received packet: from fc00:cada:c406::200[500] to
>>>>> fc00:cada:c406:607::1001[500] (453 bytes)
>>>>>
>>>>> 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
>>>>>
>>>>> 11[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root
>>>>> CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>
>>>>> 11[IKE] received 1 cert requests for an unknown ca
>>>>>
>>>>> 11[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device
>>>>> CA01, CN=TEST CableLabs Device Certification Authority"
>>>>>
>>>>> 11[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root
>>>>> CA01, CN=TEST CableLabs Root Certification Authority"
>>>>>
>>>>> 11[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA
>>>>> Remote Device Certificate, CN=FF:FF:05:E6:E6:20
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> root at plnx_aarch64:~# ip -s xfrm state
>>>>>
>>>>> src fc00:cada:c406:607::1001 dst fc00:cada:c406::200
>>>>>
>>>>> proto esp spi 0x00000000(0) reqid 2(0x00000002) mode transport
>>>>>
>>>>> replay-window 0 seq 0x00000002 flag (0x00000000)
>>>>>
>>>>> anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
>>>>>
>>>>> sel src fc00:cada:c406:607::1001/128 dst
>>>>> fc00:cada:c406::200/128 proto tcp sport 39047 dport 8190 uid 0
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>
>>>>> limit: soft (INF)(packets), hard (INF)(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 165(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 16:01:42 use -
>>>>>
>>>>> stats:
>>>>>
>>>>> replay-wind
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> root at plnx_aarch64:~# ip -s xfrm policy
>>>>>
>>>>> src fc00:cada:c406::200/128 dst fc00:cada:c406:607::1001/128 proto tcp
>>>>> uid 0
>>>>>
>>>>> dir in action allow index 88 priority 234336 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>
>>>>> limit: soft (INF)(packets), hard (INF)(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 15:58:55 use -
>>>>>
>>>>> tmpl src :: dst ::
>>>>>
>>>>> proto esp spi 0x00000000(0) reqid 2(0x00000002) mode
>>>>> transport
>>>>>
>>>>> level required share any
>>>>>
>>>>> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>>
>>>>> src fc00:cada:c406:607::1001/128 dst fc00:cada:c406::200/128 proto tcp
>>>>> uid 0
>>>>>
>>>>> dir out action allow index 81 priority 234336 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>
>>>>> limit: soft (INF)(packets), hard (INF)(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 15:58:55 use -
>>>>>
>>>>> tmpl src :: dst ::
>>>>>
>>>>> proto esp spi 0x00000000(0) reqid 2(0x00000002) mode
>>>>> transport
>>>>>
>>>>> level required share any
>>>>>
>>>>> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>>
>>>>> src fc00:cada:c406::200/128 dst fc00:cada:c406:607::1001/128 proto
>>>>> l2tp uid 0
>>>>>
>>>>> dir in action allow index 72 priority 234336 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>
>>>>> limit: soft (INF)(packets), hard (INF)(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 15:58:55 use -
>>>>>
>>>>> tmpl src :: dst ::
>>>>>
>>>>> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode
>>>>> transport
>>>>>
>>>>> level required share any
>>>>>
>>>>> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>>
>>>>> src fc00:cada:c406:607::1001/128 dst fc00:cada:c406::200/128 proto
>>>>> l2tp uid 0
>>>>>
>>>>> dir out action allow index 65 priority 234336 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft (INF)(bytes), hard (INF)(bytes)
>>>>>
>>>>> limit: soft (INF)(packets), hard (INF)(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 15:58:55 use -
>>>>>
>>>>> tmpl src :: dst ::
>>>>>
>>>>> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode
>>>>> transport
>>>>>
>>>>> level required share any
>>>>>
>>>>> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
>>>>>
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>
>>>>> socket in action allow index 59 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>
>>>>> socket out action allow index 52 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>
>>>>> socket in action allow index 43 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>>>>>
>>>>> socket out action allow index 36 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src ::/0 dst ::/0 uid 0
>>>>>
>>>>> socket in action allow index 27 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src ::/0 dst ::/0 uid 0
>>>>>
>>>>> socket out action allow index 20 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use -
>>>>>
>>>>> src ::/0 dst ::/0 uid 0
>>>>>
>>>>> socket in action allow index 11 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use 2017-11-13 16:04:42
>>>>>
>>>>> src ::/0 dst ::/0 uid 0
>>>>>
>>>>> socket out action allow index 4 priority 0 share any flag
>>>>> (0x00000000)
>>>>>
>>>>> lifetime config:
>>>>>
>>>>> limit: soft 0(bytes), hard 0(bytes)
>>>>>
>>>>> limit: soft 0(packets), hard 0(packets)
>>>>>
>>>>> expire add: soft 0(sec), hard 0(sec)
>>>>>
>>>>> expire use: soft 0(sec), hard 0(sec)
>>>>>
>>>>> lifetime current:
>>>>>
>>>>> 0(bytes), 0(packets)
>>>>>
>>>>> add 2017-11-13 18:46:13 use 2017-11-13 16:04:30
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ################# Certificates ######################
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> v --in *privKey.pem*
>>>>>
>>>>> privkey: RSA 2048 bits
>>>>>
>>>>> keyid: 85:d3:eb:51:9a:a8:1e:f6:ff:14:
>>>>> ee:cc:64:f6:2f:e0:32:99:1b:ce
>>>>>
>>>>> subjkey: 71:83:c0:b4:3e:40:06:f1:e5:30:
>>>>> d2:14:2c:82:e7:76:13:37:f4:6f
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> root at plnx_aarch64:/var/priv# pki --print --type x509 --in *Dcert.pem*
>>>>>
>>>>> opening 'Dcert.pem' failed: No such file or directory
>>>>>
>>>>> building CRED_CERTIFICATE - X509 failed, tried 4 builders
>>>>>
>>>>> parsing input failed
>>>>>
>>>>> root at plnx_aarch64:/var/priv# pki --print --type x509 --in DCert.pem
>>>>>
>>>>> subject: "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device
>>>>> Certificate, CN=FF:FF:05:E6:E6:20"
>>>>>
>>>>> issuer: "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
>>>>> Device Certification Authority"
>>>>>
>>>>> validity: not before Sep 14 16:13:24 2017, ok
>>>>>
>>>>> not after Sep 14 16:13:24 2018, ok (expires in 305 days)
>>>>>
>>>>> serial: 01:ff:ff:05:e6:e6:20
>>>>>
>>>>> authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:
>>>>> 78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>>
>>>>> subjkeyId: 71:83:c0:b4:3e:40:06:f1:e5:30:
>>>>> d2:14:2c:82:e7:76:13:37:f4:6f
>>>>>
>>>>> pubkey: RSA 2048 bits
>>>>>
>>>>> keyid: 85:d3:eb:51:9a:a8:1e:f6:ff:14:
>>>>> ee:cc:64:f6:2f:e0:32:99:1b:ce
>>>>>
>>>>> subjkey: 71:83:c0:b4:3e:40:06:f1:e5:30:
>>>>> d2:14:2c:82:e7:76:13:37:f4:6f
>>>>>
>>>>> root at plnx_aarch64:/var/priv#
>>>>>
>>>>> root at plnx_aarch64:/var/priv#
>>>>>
>>>>> root at plnx_aarch64:/var/priv#
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> root at plnx_aarch64:/var/priv# pki --print --type x509 --in *DMCert.pem*
>>>>>
>>>>> subject: "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
>>>>> Device Certification Authority"
>>>>>
>>>>> issuer: "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
>>>>> Root Certification Authority"
>>>>>
>>>>> validity: not before Dec 09 23:08:49 2014, ok
>>>>>
>>>>> not after Dec 09 23:08:49 2049, ok (expires in 11714
>>>>> days)
>>>>>
>>>>> serial: a0:16:bc:73:85:0e:65:37
>>>>>
>>>>> altNames: CN=SYMC-3072-5
>>>>>
>>>>> flags: CA CRLSign
>>>>>
>>>>> pathlen: 0
>>>>>
>>>>> authkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:
>>>>> 59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>>
>>>>> subjkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:
>>>>> 78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>>
>>>>> pubkey: RSA 3072 bits
>>>>>
>>>>> keyid: b7:98:32:e4:ae:30:02:57:f7:ad:
>>>>> cb:2b:37:41:17:9c:1b:9d:79:28
>>>>>
>>>>> subjkey: f6:dc:40:8a:89:b6:7b:7a:08:f6:
>>>>> 78:b5:4a:28:7a:7f:57:9b:f9:9b
>>>>>
>>>>> root at plnx_aarch64:/var/priv# ls
>>>>>
>>>>> DCert.pem DMCertTemp.der privKey.pem
>>>>>
>>>>> DCertTemp.der DRCert.pem privKeyTemp.der
>>>>>
>>>>> DMCert.pem DRCertTemp.der privKeyTemp1.der
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> root at plnx_aarch64:/var/priv# pki --print --type x509 --in *DRCert.pem*
>>>>>
>>>>> subject: "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
>>>>> Root Certification Authority"
>>>>>
>>>>> issuer: "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
>>>>> Root Certification Authority"
>>>>>
>>>>> validity: not before Nov 11 17:19:44 2014, ok
>>>>>
>>>>> not after Nov 11 17:19:44 2064, ok (expires in 17165
>>>>> days)
>>>>>
>>>>> serial: b1:b0:d3:be:83:ee:bf:e3
>>>>>
>>>>> altNames: CN=MPKI-4096-1-206
>>>>>
>>>>> flags: CA CRLSign self-signed
>>>>>
>>>>> subjkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:
>>>>> 59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>>
>>>>> pubkey: RSA 4096 bits
>>>>>
>>>>> keyid: bd:0e:4c:0f:21:cf:f0:49:af:19:
>>>>> 34:3b:c2:64:c5:31:a1:2e:11:07
>>>>>
>>>>> subjkey: 89:62:79:3d:b4:07:c9:f3:c6:97:
>>>>> 59:dd:b6:dc:65:0b:33:54:ff:fb
>>>>>
>>>>> root at plnx_aarch64:/var/priv#
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171212/772ccfe2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: privKey.pem
Type: application/octet-stream
Size: 1675 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171212/772ccfe2/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DCert.pem
Type: application/octet-stream
Size: 1476 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171212/772ccfe2/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DMCert.pem
Type: application/octet-stream
Size: 1952 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171212/772ccfe2/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DRCert.pem
Type: application/octet-stream
Size: 2078 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171212/772ccfe2/attachment-0007.obj>
More information about the Users
mailing list