[strongSwan] strongswan client 5.6.2 on linux unable to use ECDSA certs or keys
Ettore Tagarelli
tagahect at gmail.com
Thu Apr 21 17:36:10 CEST 2022
this message is to rectify the log I posted before:
__________________________________________________
Apr 21 17:14:52 cash charon-nm: 05[LIB] building CRED_PRIVATE_KEY - RSA
failed, tried 10 builders
Apr 21 17:14:52 cash NetworkManager[10447]: <info> [1650554092.9642]
vpn-connection[0x55ce98c7e270,861b91a1-108a-46bd-8097-9033fa3013f0,"Connessione
VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 21 17:14:52 cash charon-nm: 05[CFG] received initiate for
NetworkManager connection Connessione VPN 1
Apr 21 17:14:52 cash charon-nm: 05[CFG] using CA certificate, gateway
identity 'xxxx.xxxx.xxxxxxx'
Apr 21 17:14:52 cash charon-nm: 05[LIB] OpenSSL X.509 parsing failed
Apr 21 17:14:52 cash charon-nm: 05[LIB] building CRED_CERTIFICATE - X509
failed, tried 6 builders
Apr 21 17:14:52 cash NetworkManager[10447]: <warn> [1650554092.9656]
vpn-connection[0x55ce98c7e270,861b91a1-108a-46bd-8097-9033fa3013f0,"Connessione
VPN 1",0]: VPN connection: failed to connect: 'Loading peer certificate
failed.'
__________________________________________________
this are the commands I used to create the CA key:
ipsec pki --gen --type ecdsa --size 256 --outform pem > ca.key
and the CA certificate:
ipsec pki --self --ca --lifetime 3650 --in ca.key --type ecdsa --dn "C=IT,
O=Xxxx CA, CN=xxxx.xxxx.xxxxxxx" --outform pem > ca.crt
similar commands for server and client key+cert.
Please help me!
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220421/5a5f5247/attachment.html>
More information about the Users
mailing list