[Swan-dev] ikev2-x509-02-eku
Paul Wouters
paul at nohats.ca
Sun Feb 3 02:57:42 UTC 2019
On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
> Subject: [Swan-dev] ikev2-x509-02-eku
>
> This failed for me last night.
>
> +002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request rejected by peer: AUTHENTICATION_FAILED
Seems due to:
"ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate for attempted operation.
I guess you are not using the latest nss 3.41 ?
Maybe run a yum update in your guests?
Easiest is to bring up east, west and nic
ssh root at nic and issue /testing/guestbin/nic-internet
Then ssh into west and east and run yum update
with nss 3.39 the test fails. with 3.41 it passes.
Paul
More information about the Swan-dev
mailing list