[Swan-dev] ikev2-x509-02-eku

Paul Wouters paul at nohats.ca
Sun Feb 3 02:57:42 UTC 2019

On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:

> Subject: [Swan-dev] ikev2-x509-02-eku
> This failed for me last night.
> +002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED

Seems due to:

"ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate for attempted operation.

I guess you are not using the latest nss 3.41 ?

Maybe run a yum update in your guests?
Easiest is to bring up east, west and nic

ssh root at nic and issue /testing/guestbin/nic-internet

Then ssh into west and east and run yum update

with nss 3.39 the test fails. with 3.41 it passes.


More information about the Swan-dev mailing list