[Swan] IKE failure/Issue with Subject Alternative Name

Mayur Nakade Mayur.Nakade at radisys.com
Thu Oct 12 14:22:39 EEST 2023


Hi team swan,

I'm trying to configure 2 local hosts to test an IPsec Security Association between them.

Scenario: host-to-host communication using x509 certificates being exchanged.

Steps followed:
1. A CA certificate is generated locally using the openssl rsa command on one of the hosts, and the same is copied to the other host.
2. Host certificates are then generated by the host generating a CSR request to the self-signed CA certificate (generated locally in the above step) using openssl.
3. Host certificates signed by the same CA are then exported to p12 format and imported to upload to the NSS database.
4. That they got imported to the NSS database is verified by checking using - ipsec look

Issue: In the pluto log I am encountering the below, and IKE is failing after that:

                       certificate contains no subjectAltName extension  "mytunnel" #8: certificate does not contain subjectAltName=hostB.cert.com

Note: SAN cnf is created and added in host certificates (verified by checking certificate content). There's no other error, as until the 4th main message IKE was going well (verified from pluto log and Wireshark). So after that I seek help here to understand the issue: why is IKE not successful? Is the above issue causing it?

Thanks in advance
Mayur
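
The check that the quoted pluto message is about, as an added example that is not part of the original post: it builds a throwaway CA and one CSR, signs it with and without an extension file, and tests each resulting certificate for the subjectAltName from the log line. The function names `has_san` and `make_lab`, the "Lab CA" subject and the temporary directory are assumptions made for illustration, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Constructed lab values: "Lab CA" and the temp directory are
# placeholders; hostB.cert.com is the name from the quoted pluto log line.

# has_san CERT_PEM DNS_NAME: exit 0 only if the certificate lists DNS:DNS_NAME
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# make_lab DIR HOST: throwaway CA, one CSR requesting a SAN, and two host
# certificates signed from that same CSR.
make_lab() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null || return 1
    # No -extfile: "openssl x509 -req" does not copy CSR extensions by default,
    # so this certificate comes out without a SAN.
    openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/host-nosan.pem" 2>/dev/null || return 1
    # Same CSR, with the SAN supplied to the signing step through -extfile.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/san.ext" \
        -out "$dir/host-san.pem" 2>/dev/null
}

lab=$(mktemp -d)
make_lab "$lab" hostB.cert.com
for c in host-nosan.pem host-san.pem; do
    if has_san "$lab/$c" hostB.cert.com; then
        echo "$c: subjectAltName DNS:hostB.cert.com present"
    else
        echo "$c: subjectAltName DNS:hostB.cert.com missing"
    fi
done
rm -rf "$lab"
```

`has_san` can be pointed at the signed host certificate (PEM) that was packed into the p12 file, since that is the certificate the peer receives.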

