[Users] <no subject>

From: Elmar Grote (elmargrote_at_web.de)
Date: Tue Jul 30 2002 - 12:43:17 CEST

• Next message: norbert: "[Users] Pluto internal error"
• Previous message: John A. Sullivan III: "Re: [Users] DHCP over IPSEC implemented?"
• Next in thread: Markus Koellner: "[Users] Re: <no subject>"
• Reply: Markus Koellner: "[Users] Re: <no subject>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello

I tested for a while with the Router and I think that there is something wrong with my certificates.

I looked at this message :
SPD: Can not determine per-rule trusted CA root set for remote identity der_asn1_dn(any:0,[0..171]=C=DE, ST=Berlin, L=Berlin, O=CARANO Softwareentwicklungs GmbH,
OU=Administration, CN=Elmar Grote, MAILTO=admin_at_carano.de). Using only globally trusted root's

So he could not find an entry for the CA?

When i put the ID wich i in my opinion the id from the freeswan peer:
<MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=CARANO Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>
the message does'nt come anymore.

But this message is still comming:
Phase-1 [initiator] between der_asn1_dn(udp:500,[0..144]=C=DE, ST=Berlin, O=Carano Softwareentwicklungs GmbH,
OU=Neubrandenburg, CN=Elmar Grote/Email\=admin_at_carano.de) and der_asn1_dn(any:0,[0..171]=C=DE, ST=Berlin, L=Berlin, O=CARANO Softwareentwicklungs
GmbH, OU=Administration, CN=Elmar Grote, MAILTO=admin_at_carano.de) for peer 1, traffic 2 failed; Invalid signature.

Could the error be the organisation in the freeswan cert ( Carano... <=> CARANO...)?
Or the comon name in the bintec cert?
Which entrys have to be the same in the CA CERT an the peers CERT(C, ST,O,.....)?

Freeswan CERT
SubjectName = <MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=CARANO Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>
IssuerName = <MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=Carano Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>
 
 CA CERT
SubjectName = <MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=Carano Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>
 IssuerName = <MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=Carano Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>
 
 Bintec CERT
SubjectName = <CN=Elmar Grote/Email\=admin_at_carano.de, OU=Neubrandenburg, O=Carano Softwareentwicklungs GmbH, ST=Berlin, C=DE>
IssuerName = <MAILTO=admin_at_carano.de, CN=Elmar Grote, OU=Administration, O=Carano Softwareentwicklungs GmbH, L=Berlin, ST=Berlin, C=DE>

A some other question. Do i every time have to reboot the router (cmd=reboot) when I'm making some changes?
Or is saving enough?

Thanks so much

Elmar
______________________________________________________________________________
FreeMail in der Premiumversion! Mit mehr Speicher, mehr Leistung, mehr
Erlebnis und mehr Praemie. Jetzt unter http://club.web.de/?mc=021105

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: norbert: "[Users] Pluto internal error"
• Previous message: John A. Sullivan III: "Re: [Users] DHCP over IPSEC implemented?"
• Next in thread: Markus Koellner: "[Users] Re: <no subject>"
• Reply: Markus Koellner: "[Users] Re: <no subject>"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST