Re: [Users] freeswan-x509 <-> freeswan-x509

From: Thomas Will (thomas.will_at_xinux.de)
Date: Mon Aug 19 2002 - 11:08:22 CEST


Andreas Steffen wrote:

> Probably your user certificate is not valid yet. When you generate
> a certificate on a different machine the clocks can differ, so
> that the notBefore certificate field specifies a time in the future.
>
> Workaround: Go for a coffee and try again when you come back ;-)
>
> Andreas
>
OK, thx very much ;) That was the solution.
Now I can establish an SA, but I get a strange message in my auth.log:

Aug 19 09:22:45 snake pluto[6265]: "krabbel" #2278: deleting state (STATE_QUICK_R2)
Aug 19 09:22:45 snake pluto[6265]: "krabbel" #2277: deleting state (STATE_MAIN_R3)
Aug 19 09:22:55 snake pluto[6265]: loaded host cert file '/etc/ipsec.d/linkscert.pem' (1257 bytes)
Aug 19 09:22:55 snake pluto[6265]: loaded host cert file '/etc/ipsec.d/rechtscert.pem' (1245 bytes)
Aug 19 09:22:55 snake pluto[6265]: added connection description "krabbel"
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: initiating Main Mode
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: Peer ID is ID_DER_ASN1_DN: 'C=de, ST=p, O=xinux, OU=dv, CN=spiderman'
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: Issuer CA certificate not found
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: X.509 certificate rejected
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: ISAKMP SA established
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2280: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2280: sent QI2, IPsec SA established

Why do I first get "Issuer CA certificate not found" and "X.509
certificate rejected" if the ISAKMP SA is then established in the
following line?

regards

-- 
- thomas will -
- xinux - networking - security - consulting - training -
- fon 06332 44040 - fax 06332 44041 - mobil 0171 8054788 -
- 66482 zweibruecken - etzelweg 65 - http://www.xinux.de -
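
The pattern in the log above (a certificate rejection followed by "ISAKMP SA established" in the same state, #2279) can be searched for in auth.log with a small script. This is an added example, not part of the original message; the function name and the fields of the returned records are assumptions, and the sample lines are the ones from the message with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Log lines from the message above, with the mail line wrapping undone.
SAMPLE_LOG = """\
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: initiating Main Mode
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: Peer ID is ID_DER_ASN1_DN: 'C=de, ST=p, O=xinux, OU=dv, CN=spiderman'
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: Issuer CA certificate not found
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: X.509 certificate rejected
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2279: ISAKMP SA established
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2280: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK
Aug 19 09:23:00 snake pluto[6265]: "krabbel" #2280: sent QI2, IPsec SA established
"""

# syslog prefix, then pluto's '"connection" #state: message' layout.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spluto\[\d+\]:\s'
    r'"(?P<conn>[^"]+)"\s#(?P<state>\d+):\s(?P<msg>.*)$'
)
PEER_ID_RE = re.compile(r"Peer ID is \S+ '(?P<dn>[^']*)'")

def find_rejected_but_established(log_text):
    """Return one record per pluto state in which a certificate rejection
    is followed by 'ISAKMP SA established' (hypothetical helper)."""
    states = defaultdict(lambda: {"peer": None, "reasons": [], "rejected": False})
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-state pluto line
        st = states[(m["conn"], m["state"])]
        msg = m["msg"]
        peer = PEER_ID_RE.search(msg)
        if peer:
            st["peer"] = peer["dn"]
        elif "certificate not found" in msg:
            st["reasons"].append(msg)  # reason logged before the rejection
        elif msg == "X.509 certificate rejected":
            st["rejected"] = True
        elif msg == "ISAKMP SA established" and st["rejected"]:
            findings.append({"time": m["ts"], "conn": m["conn"], "state": int(m["state"]),
                             "peer": st["peer"], "reasons": list(st["reasons"])})
    return findings

if __name__ == "__main__":
    for finding in find_rejected_but_established(SAMPLE_LOG):
        print(finding)
```

Each record names the connection, the state number and the peer DN, so the operator can check which certificate or key the peer was actually authenticated with.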




This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 13:19:45 CEST