[strongSwan] Fwd: "No trusted RSA public key found for [..]" again

bluesky787 at posteo.de bluesky787 at posteo.de
Thu Sep 26 10:13:54 CEST 2019

Hi Tobias,

thanks for clarification.
Your comment made me recheck all settings in server configuration and I 
have found this value.
I have no idea, why I have overseen that before.

Long story short, I changed the "Local identity value" in VPN Server 
Settings to ASN.1 name of the cert ("O=LANCOM 
SYSTEMS,CN=XXX.XXX.XXX.XXX") and it works.
Thank you.


Am 16.09.2019 10:37 schrieb Tobias Brunner:
> Hi,
>> What really confuses me is the CN in the error message: "No trusted 
>> RSA
>> public key found for ‘CN=LANCOM VPN’", because no certificate uses 
>> this
>> CN, nor any of the config files (see below) or the VPN server config.
>> Where does this value come from?
> It's the identity the peer sends (IDr), which won't work as it's not
> confirmed by the certificate.  So make it use an identity contained in
> the certificate (SAN or full subject DN).
> Regards,
> Tobias

More information about the Users mailing list