[Swan] Unknown RSA Key

Paul Wouters paul at nohats.ca
Tue Dec 16 23:19:41 EET 2014


On Tue, 16 Dec 2014, Phil Daws wrote:

> I am new to libreswan and attempting to set up an IPsec tunnel between two subnets.  The issue I am facing is that when I bring up the connection I see:
>
> "network1" #28: no RSA public key known for 'CN=fwl01.bbb'
>
> yet if I check the NSS database the certificate is there and the CN is correct.  This is how my connection looks:
>
> conn network1
>        leftid="CN=fwl01.aaa"
>        leftrsasigkey=%cert
>        leftcert="fwl01-aaa"
>        rightid="CN=fwl01.bbb"

That's most likely wrong. Unless you set the "friendly_name" on the
PKCS#12 import to "CN=fwl01.bbb" instead of "CN=fwl01.bbb".

I assume you are left, and only have the left certificate and its CA in
your NSS. You would write:

        leftid=%fromcert
        leftcert=fwl01-aaa
        leftrsasigkey=%cert
        #rightid does not need to be specified
        rightrsasigkey=%cert
        # optionally:
        leftsendcert=always

See also:

https://libreswan.org/wiki/Using_NSS_with_libreswan

https://libreswan.org/wiki/Migrating_from_Openswan

Paul
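The check below is an added example and is not part of the thread or of libreswan itself. It cross-checks a `conn` block against the nickname column of a `certutil -L` listing, using the two mistakes Paul points out as its rules: a `leftcert` nickname that is not in the NSS database, and a hard-coded `rightid` for a peer whose certificate is not loaded locally (with `rightrsasigkey=%cert` the id must match the peer certificate's subject DN exactly, which is the "no RSA public key known" failure above). The NSS listing and both conn fragments are constructed sample input, and the rules are heuristics, not libreswan's own validation.

```python
"""Added example: lint a libreswan conn against an NSS certificate nickname listing."""
from __future__ import annotations

import re

# Constructed sample of `certutil -L -d sql:/etc/ipsec.d` output (not from the thread).
NSS_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

fwl01-aaa                                                    u,u,u
ExampleCA                                                    CT,,
"""

# Constructed conn in the shape of the original post (hard-coded ids on both sides).
CONN_BEFORE = """\
conn network1
        leftid="CN=fwl01.aaa"
        leftrsasigkey=%cert
        leftcert="fwl01-aaa"
        rightid="CN=fwl01.bbb"
        rightrsasigkey=%cert
"""

# Constructed conn in the shape Paul suggests (id taken from the certificate, no rightid).
CONN_AFTER = """\
conn network1
        leftid=%fromcert
        leftcert=fwl01-aaa
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftsendcert=always
"""


def nss_nicknames(listing: str) -> set[str]:
    """Return the certificate nicknames from a certutil -L listing.

    The first two lines are the column headers; each entry is the nickname,
    a run of spaces, then the trust attributes. Nicknames may contain single
    spaces, so split on two or more spaces rather than on any whitespace.
    """
    names: set[str] = set()
    for line in listing.splitlines()[2:]:
        if not line.strip():
            continue
        names.add(re.split(r"\s{2,}", line.rstrip())[0])
    return names


def parse_conn(text: str) -> dict[str, str]:
    """Parse one conn block into key=value pairs.

    Skips the `conn` header and comment lines, and drops the optional
    surrounding double quotes that ipsec.conf allows around values.
    """
    opts: dict[str, str] = {}
    for line in text.splitlines()[1:]:
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip().strip('"')
    return opts


def check_conn(text: str, listing: str) -> list[str]:
    """Return findings for a conn; an empty list means nothing was flagged."""
    opts = parse_conn(text)
    nicks = nss_nicknames(listing)
    findings: list[str] = []
    for side in ("left", "right"):
        cert = opts.get(f"{side}cert")
        uses_cert = opts.get(f"{side}rsasigkey") == "%cert"
        if uses_cert and cert and cert not in nicks:
            # The nickname must exist in NSS, or pluto cannot load the cert.
            findings.append(f"{side}cert={cert!r} is not a nickname in the NSS database")
        if uses_cert and cert is None and f"{side}id" in opts:
            # No local cert for this side: the peer's certificate supplies the id,
            # and a hard-coded id only works if it matches that DN exactly.
            findings.append(
                f"{side}id={opts[side + 'id']!r} is set but no {side}cert is loaded; "
                f"with {side}rsasigkey=%cert let the peer certificate supply the id"
            )
        if cert and opts.get(f"{side}id") not in (None, "%fromcert"):
            # Retyping the DN by hand invites a mismatch; %fromcert reads it from the cert.
            findings.append(f"{side}id is hard-coded while {side}cert is set; use %fromcert")
    return findings


if __name__ == "__main__":
    for label, conn in (("before", CONN_BEFORE), ("after", CONN_AFTER)):
        print(label, check_conn(conn, NSS_LISTING) or "ok")
```

Run it as is to see the "before" conn produce two findings and the "after" conn none; to use it against a real host, replace `NSS_LISTING` with the output of `certutil -L -d sql:/etc/ipsec.d` and `CONN_BEFORE` with the conn from your own ipsec.conf.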
