[strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert
Tobias Brunner
tobias at strongswan.org
Fri Nov 16 10:44:49 CET 2018
Hi Anthony,
> !!!Selected user cert is CN=TDY Test SCA 4
> 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[CFG] certificate "C=US, O=Teledyne Controls Engineering, OU=Systems Engineering, CN=TDY Test SCA 4" key: 2048 bit RSA
That's the server's certificate, selected to verify the authentication.
> 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[TLS] sending TLS peer certificate 'CN=RA00017.auth, O=Teledyne Controls Engineering, OU=Systems Engineering, C=US'
> !!! ? why did TLS send SCA 1 cert
That certificate is selected based on the identity (whatever it is you
configured). If a private key is loaded for this key and identity, why
shouldn't it be selected?
Did you perhaps use the same key for different identities (or use the
same identity for different keys)? Also, what does your configuration
actually look like?
Regards,
Tobias