[strongSwan] CRL: Parsing x509 certificate failed
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Sat Sep 8 17:30:57 CEST 2018
Hi,
The file goes into /etc/swanctl/x509crl/.
The type of the file is derived from the folder it is in, not the file magic bytes.
Kind regards
Noel
Am 08.09.18 um 17:20 schrieb bls s:
> I'm working with CRLs. I have what I believe is a well-formed CRL using strongSwan 5.6.3:
>
> Rpi31/etc/swanctl# pki --print --in /etc/swanctl/x509/revoked.der --type crl
> issuer: "C=US, O=rpi31-strongSwan, CN=strongSwan rpi31 Root CA"
> update: this on Sep 08 08:05:51 2018, ok
> next on Sep 15 08:05:51 2018, ok (expires in 6 days)
> serial: 01
> authKeyId: 58:5e:05:3b:53:6e:00:2f:99:a2:1e:3b:ce:c0:86:c7:37:fb:89:fc
> 1 revoked certificate:
> 72:50:d2:f7:36:0d:08:af: Sep 08 08:05:51 2018, superseded
>
> However, swanctl --load-creds reports:
>
> Rpi31/etc/swanctl# swanctl --load-creds
> loaded certificate from '/etc/swanctl/x509/bls-iPhone7-rpi31Cert.pem'
> loaded certificate from '/etc/swanctl/x509/strongSwanCert.pem'
> loading '/etc/swanctl/x509/revoked.der' failed: parsing X509 certificate failed
> loaded certificate from '/etc/swanctl/x509/bls-android-rpi31Cert.pem'
> loaded certificate from '/etc/swanctl/x509/bls-scout-rpi31Cert.pem'
>
> In another thread I saw a mention that pem must be loaded, and it appears that it is:
>
> Sep 7 14:30:05 rpi31 charon-systemd[31880]: loaded plugins: charon-systemd charon-systemd aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-tls xauth-generic counters
>
> Greatly appreciate solutions, suggestions, or pointers to help resolve.
>
> Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180908/33276c73/attachment.sig>
More information about the Users
mailing list