[strongSwan] Strongswan 5.5 - no private key found-

Tobias Brunner tobias at strongswan.org
Fri Feb 9 17:02:50 CET 2018


Hi Rajeev,

> Using DAVICI, I did make sure local.id is "C=US,
> O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80"

The comma between "Group" and "Inc." in the O RDN causes the identity
string parser to fail and this string will not be treated as an ASN.1 DN
but as an opaque key ID; this won't match your private key during the lookup.
If you want to configure DNs that contain commas, you can either use /
instead of a comma to separate the RDNs (the whole string has to start
with a slash then):

/C=US/O=ARRIS Group, Inc./OU=DCA Remote Device Certificate/CN=FF:FF:05:E6:E7:80

Or you may configure the identity as a binary ASN.1 value with the asn1dn:
prefix (use the pki --dn utility).  Another option is to not configure
an identity in the local auth config but instead the client certificate;
then the identity should default to the subject DN of the certificate.

Regards,
Tobias
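
The separator problem described in the reply above, as an added example that is not part of the original post and is not strongSwan's parser. It is a simplified model of separator-based splitting; the function names and the KNOWN_TYPES subset are assumptions made for illustration.

```python
# Simplified model (an assumption, not strongSwan code): a DN string is split
# on ',' unless it starts with '/', in which case '/' separates the RDNs.
KNOWN_TYPES = {"C", "ST", "L", "O", "OU", "CN"}  # illustrative subset only


def split_rdns(identity):
    """Return [(type, value), ...], or None if the string does not parse as a DN."""
    if identity.startswith("/"):
        sep, body = "/", identity[1:]
    else:
        sep, body = ",", identity
    rdns = []
    for part in body.split(sep):
        rdn_type, eq, value = part.strip().partition("=")
        rdn_type, value = rdn_type.strip().upper(), value.strip()
        # " Inc." has no '=' and no known type, so the whole string is rejected
        if not eq or rdn_type not in KNOWN_TYPES or not value:
            return None
        rdns.append((rdn_type, value))
    return rdns


def to_identity_string(rdns):
    """Build an identity string using a separator that no RDN value contains."""
    values = [value for _, value in rdns]
    if not any("," in v for v in values):
        return ", ".join(f"{t}={v}" for t, v in rdns)
    if not any("/" in v for v in values):
        return "/" + "/".join(f"{t}={v}" for t, v in rdns)
    raise ValueError("values contain both ',' and '/': use a binary asn1dn: identity")


# The subject from the thread, as (type, value) pairs
SAMPLE_RDNS = [
    ("C", "US"),
    ("O", "ARRIS Group, Inc."),
    ("OU", "DCA Remote Device Certificate"),
    ("CN", "FF:FF:05:E6:E7:80"),
]
COMMA_FORM = ("C=US, O=ARRIS Group, Inc., "
              "OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80")

if __name__ == "__main__":
    print("comma form parses as DN:", split_rdns(COMMA_FORM) is not None)
    safe = to_identity_string(SAMPLE_RDNS)
    print("safe identity string   :", safe)
    print("round trip matches     :", split_rdns(safe) == SAMPLE_RDNS)
```

When identity strings are generated programmatically before being sent over VICI, running them through a check of this kind catches values that would not be read as a DN.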

