[strongSwan] Strongswan 5.5 - no private key found-

rajeev nohria rajnohria at gmail.com
Thu Feb 8 18:19:52 CET 2018 

Now I am getting the following error and not able to resolve this for
sometime. Any inkling is helpful here.


Using DAVICI, I did make sure local.id is  "C=US, O=ARRIS Group, Inc.,
OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80"

What else I be missing?


writing RSA key
11[CFG] loaded RSA private key
11[CFG] loaded certificate 'C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST
CableLabs Root Certification Authority'
11[CFG] loaded certificate 'C=US, O=ARRIS Group, Inc., OU=DCA Remote Device
Certificate, CN=FF:FF:05:E6:E7:80'
11[CFG] loaded certificate 'C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST
CableLabs Device Certification Authority'
Key Value success
Davici End
Key Value success
Davici End
Key Value success
Davici End
Key Value success
Davici End


06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
06[NET] sending packet: from fc00:cada:c404:607::1001[500] to
fc00:cada:c404::200[500] (456 bytes)
13[NET] received packet: from fc00:cada:c404::200[500] to
fc00:cada:c404:607::1001[500] (453 bytes)
13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
13[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root CA01,
CN=TEST CableLabs Root Certification Authority"
13[IKE] received 1 cert requests for an unknown ca
13[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device CA01,
CN=TEST CableLabs Device Certification Authority"
13[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root CA01,
CN=TEST CableLabs Root Certification Authority"
1*3[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA Remote
Device Certificate, CN=FF:FF:05:E6:E7:80'*

L4-RPD1-O6k>#
L4-RPD1-O6k># ipsec listcerts

List of X.509 End Entity Certificates

  subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
CN=FF:FF:05:E6:E7:80"
  issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
Device Certification Authority"
  validity:  not before Sep 14 16:13:25 2017, ok
             not after  Sep 14 16:13:25 2018, ok (expires in 218 days)
  serial:    01:ff:ff:05:e6:e7:80
  authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
  subjkeyId: 39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
  pubkey:    RSA 2048 bits, has private key
  keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
  subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
L4-RPD1-O6k>#

L4-RPD1-O6k># pki --print --type x509 --in <Device certificate file>
  subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
CN=FF:FF:05:E6:E7:80"
  issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
Device Certification Authority"
  validity:  not before Sep 14 16:13:25 2017, ok
             not after  Sep 14 16:13:25 2018, ok (expires in 218 days)
  serial:    01:ff:ff:05:e6:e7:80
  authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
  subjkeyId: 39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
  pubkey:    RSA 2048 bits
  keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
  subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
L4-RPD1-O6k>#


L4-RPD1-O6k># pki --print --type rsa-priv --in <privKey File>
  privkey:   RSA 2048 bits
  keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
  subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180208/0b911380/attachment-0001.html>

More information about the Users mailing list