[strongSwan] Strongswan 5.5 - no private key found-

rajeev nohria rajnohria at gmail.com
Thu Feb 8 20:44:35 CET 2018


Let me know I can send you more information.

On Thu, Feb 8, 2018 at 12:19 PM, rajeev nohria <rajnohria at gmail.com> wrote:

>
>
> Now I am getting the following error and not able to resolve this for
> sometime. Any inkling is helpful here.
>
>
> Using DAVICI, I did make sure local.id is  "C=US, O=ARRIS Group, Inc.,
> OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80"
>
> What else I be missing?
>
>
> writing RSA key
> 11[CFG] loaded RSA private key
> 11[CFG] loaded certificate 'C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST
> CableLabs Root Certification Authority'
> 11[CFG] loaded certificate 'C=US, O=ARRIS Group, Inc., OU=DCA Remote
> Device Certificate, CN=FF:FF:05:E6:E7:80'
> 11[CFG] loaded certificate 'C=US, O=CableLabs, OU=TEST Device CA01,
> CN=TEST CableLabs Device Certification Authority'
> Key Value success
> Davici End
> Key Value success
> Davici End
> Key Value success
> Davici End
> Key Value success
> Davici End
>
>
> 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(HASH_ALG) N(REDIR_SUP) ]
> 06[NET] sending packet: from fc00:cada:c404:607::1001[500] to
> fc00:cada:c404::200[500] (456 bytes)
> 13[NET] received packet: from fc00:cada:c404::200[500] to
> fc00:cada:c404:607::1001[500] (453 bytes)
> 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
> 13[IKE] received cert request for "C=US, O=CableLabs, OU=TEST Root CA01,
> CN=TEST CableLabs Root Certification Authority"
> 13[IKE] received 1 cert requests for an unknown ca
> 13[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Device CA01,
> CN=TEST CableLabs Device Certification Authority"
> 13[IKE] sending cert request for "C=US, O=CableLabs, OU=TEST Root CA01,
> CN=TEST CableLabs Root Certification Authority"
> 1*3[IKE] no private key found for 'C=US, O=ARRIS Group, Inc., OU=DCA
> Remote Device Certificate, CN=FF:FF:05:E6:E7:80'*
>
> L4-RPD1-O6k>#
> L4-RPD1-O6k># ipsec listcerts
>
> List of X.509 End Entity Certificates
>
>   subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> CN=FF:FF:05:E6:E7:80"
>   issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
> Device Certification Authority"
>   validity:  not before Sep 14 16:13:25 2017, ok
>              not after  Sep 14 16:13:25 2018, ok (expires in 218 days)
>   serial:    01:ff:ff:05:e6:e7:80
>   authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>   subjkeyId: 39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
>   pubkey:    RSA 2048 bits, has private key
>   keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
>   subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
> L4-RPD1-O6k>#
>
> L4-RPD1-O6k># pki --print --type x509 --in <Device certificate file>
>   subject:  "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> CN=FF:FF:05:E6:E7:80"
>   issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
> Device Certification Authority"
>   validity:  not before Sep 14 16:13:25 2017, ok
>              not after  Sep 14 16:13:25 2018, ok (expires in 218 days)
>   serial:    01:ff:ff:05:e6:e7:80
>   authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
>   subjkeyId: 39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
>   pubkey:    RSA 2048 bits
>   keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
>   subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
> L4-RPD1-O6k>#
>
>
> L4-RPD1-O6k># pki --print --type rsa-priv --in <privKey File>
>   privkey:   RSA 2048 bits
>   keyid:     32:28:f2:70:8b:72:f1:33:05:47:9d:26:ae:00:a2:ea:93:b4:e2:a2
>   subjkey:   39:9c:b3:7d:20:23:f5:73:46:ce:fc:1a:84:a4:c0:6f:f6:e7:4c:18
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180208/1e41bad4/attachment.html>


More information about the Users mailing list