[strongSwan] Fwd: "No trusted RSA public key found for [..]" again
bluesky787 at posteo.de
Thu Sep 26 10:13:54 CEST 2019
Hi Tobias,
thanks for the clarification.
Your comment made me recheck all settings in the server configuration and I
have found this value.
I have no idea why I overlooked that before.
Long story short, I changed the "Local identity value" in the VPN Server
Settings to the ASN.1 name of the cert ("O=LANCOM
SYSTEMS,CN=XXX.XXX.XXX.XXX") and it works.
Thank you.
Regards,
Bluesky787
On 16.09.2019 10:37, Tobias Brunner wrote:
> Hi,
>
>> What really confuses me is the CN in the error message: "No trusted RSA
>> public key found for ‘CN=LANCOM VPN’", because no certificate uses this
>> CN, nor any of the config files (see below) or the VPN server config.
>> Where does this value come from?
>
> It's the identity the peer sends (IDr), which won't work as it's not
> confirmed by the certificate. So make it use an identity contained in
> the certificate (SAN or full subject DN).
>
> Regards,
> Tobias
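
The rule from the quoted reply (the IDr the peer sends must be the certificate's full subject DN or one of its subjectAltName entries), sketched as a simplified model. This is an added example, not part of the thread and not strongSwan's code; the certificate data, the 192.0.2.10 and vpn.example.com values and all function names are constructed for illustration.

```python
import ipaddress

# Constructed certificate: full subject DN plus subjectAltName entries.
# Note that the IP address appears only in the CN, not as a SAN.
CERT = {
    "subject": "O=LANCOM SYSTEMS,CN=192.0.2.10",
    "san": [("dns", "vpn.example.com")],
}

def parse_dn(dn):
    """Split 'O=...,CN=...' into an ordered list of (type, value) RDNs.
    Simplification: no support for escaped commas or multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a DN component: %r" % part)
        rdns.append((key.strip().upper(), value.strip()))
    return rdns

def id_kind(identity):
    """Guess the identity type from its textual form."""
    if "=" in identity:
        return "dn"
    if "@" in identity:
        return "email"
    try:
        ipaddress.ip_address(identity)
        return "ip"
    except ValueError:
        return "dns"

def identity_confirmed(identity, cert):
    """True if the identity is the full subject DN or a SAN of the same type."""
    kind = id_kind(identity)
    if kind == "dn":
        # Every RDN must match, in order; a lone CN is not enough.
        return parse_dn(identity) == parse_dn(cert["subject"])
    if kind == "ip":
        want = ipaddress.ip_address(identity)
        return any(k == "ip" and ipaddress.ip_address(v) == want
                   for k, v in cert["san"])
    return any(k == kind and v.lower() == identity.lower()
               for k, v in cert["san"])

if __name__ == "__main__":
    for ident in ("CN=LANCOM VPN", "O=LANCOM SYSTEMS, CN=192.0.2.10",
                  "192.0.2.10", "vpn.example.com"):
        print(ident, "->", identity_confirmed(ident, CERT))
```

In this model an IP address that appears only in the CN does not confirm an IP identity; it would have to be present as a SAN, or the peer would have to send the full subject DN as in the fix described above.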