[strongSwan] Strongswan 5.5 - no private key found-

rajeev nohria rajnohria at gmail.com
Mon Feb 12 19:23:20 CET 2018


Thanks, Based on response i was able to resolve my issue.  I was removing
"/" when reading the subject.

-Rajeev

On Fri, Feb 9, 2018 at 11:02 AM, Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Rajeev,
>
> > Using DAVICI, I did make sure local.id is  "C=US,
> > O=ARRIS Group, Inc., OU=DCA Remote Device Certificate,
> CN=FF:FF:05:E6:E7:80"
>
> The comma between "Group" and "Inc." in the O RDN lets the identity
> string parser fail and this string will not be treated as ASN.1 DN but
> as opaque key ID, this won't match your private key during the lookup.
> If you want to configure DNs that contain commas you can either use /
> instead of comma to separate the RDNs (the whole string has to start
> with a slash then):
>
> /C=US/O=ARRIS Group, Inc./OU=DCA Remote Device
> Certificate/CN=FF:FF:05:E6:E7:80
>
> Or you may configure the identity as binary ASN.1 value with the asn1dn:
> prefix (use the pki --dn utility).  Also an option is to not configure
> an identity in the local auth config but instead the client certificate,
> then the identity should default to the subject DN of the certificate.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180212/9f28ee07/attachment.html>


More information about the Users mailing list