[strongSwan] rejecting certificate without digitalSignature or nonRepudiation, keyUsage flags
lejeczek
peljasz at yahoo.co.uk
Wed Oct 30 19:04:33 CET 2019
On 30/10/2019 16:37, Tobias Brunner wrote:
> Hi,
>
>> Is the problem caused be my certificates being crafted in a way which
>> did not comply with what Strongswan requires?
> Yep.
>
>> Or this can be resolved with configuration?
> No. Either don't add any keyUsage flags to the certificate, or include
> at least one of the mentioned flags.
>
> Regards,
> Tobias
but when I do:
$ strongswan pki --issue .... --flag nonRepudiation
and then:
$ strongswan pki --print --in ipsec.d/certs/sucker at openstack.der.new
...
flags:
..
nothing gets there?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1757 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191030/7eb7948e/attachment.key>
More information about the Users
mailing list