[vpn-help] Unable to verify remote peer certificate

Michael shrewlist at encambio.com
Wed Mar 31 07:44:22 CDT 2010


Hello list,

I'm using the shrew ike daemon (packaged with the Qt client) version
2.1.4 on Ubuntu Linux 9.10. The goal is a roadwarrior installation
with X.509 certificate authentication.

When using preshared keys this same configuration works. Mobile
clients using other software (IPSecuritas) with the same
certificates I'm loading in Shrew work as well so...

The problem is that I see 'Gateway authentication error' in the
GUI window after trying to connect. The log /var/log/iked.log:

  ii : unable to get local issuer certificate(20) at depth:0
  ii : subject :/CN=name.host.tld
  !! : unable to verify remote peer certificate

The host 'name.host.tld' is in the SubjectAltName of the X.509
certificate loaded on the ike v1 server m0n0wall 1.31. I have
concatenated the root and intermediate CA certificates of CaCert.org
to the file 'cacert-combi.pem':

s:ident-server-type:asn1dn
s:auth-server-cert:/home/username/.ike/certs/cacert-combi.pem
s:auth-client-cert:/home/username/.ike/certs/myclienthost-cacert-rsa-4096-crt.pem
s:auth-client-key:/home/username/.ike/keys/myclienthost-cacert-rsa-4096-key.pem

What can be the problem?

Thanks,
Michael
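Error 20 in the log above is OpenSSL's X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: at depth 0 it means the issuer of the gateway's own certificate was not found in the trust bundle the daemon loaded. The script below is an added example (not from the post, the Shrew client or m0n0wall): it builds a throwaway root -> intermediate -> leaf chain with the openssl CLI, reproduces "error 20 at 0 depth" with a root-only bundle, and shows the same leaf verifying once the intermediate is in the bundle. All names and files are constructed; it assumes only that openssl is installed.

```shell
#!/bin/sh
# Added example: reproduce OpenSSL verify error 20 ("unable to get local
# issuer certificate") at depth 0 with a constructed root -> intermediate
# -> leaf chain, then verify the same leaf against a bundle that also holds
# the intermediate. Assumes the openssl CLI; all material is throwaway.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# CA extensions: without these, verify reports the intermediate as an
# invalid CA (error 24) instead of the error we want to demonstrate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# Root CA (self-signed)
openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
    -subj '/CN=Constructed Root CA' 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext -out root.pem 2>/dev/null
# Intermediate CA, signed by the root
openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
    -subj '/CN=Constructed Intermediate CA' 2>/dev/null
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -days 2 -extfile ca.ext -out inter.pem 2>/dev/null
# Leaf (gateway) certificate, signed by the intermediate
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj '/CN=name.host.tld' 2>/dev/null
openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null

# Two candidate trust bundles: the root alone, and root plus intermediate
cp root.pem root-only.pem
cat root.pem inter.pem > root-plus-intermediate.pem

# verify_result BUNDLE LEAF -> prints "OK", or "<errcode>@<depth>" for the
# first verification error, mirroring the "(20) at depth:0" form in iked.log
verify_result() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1 || true)
    case "$out" in
        *': OK'*) echo OK ;;
        *) echo "$out" | sed -n 's/^error \([0-9][0-9]*\) at \([0-9][0-9]*\) depth lookup:.*/\1@\2/p' | head -n 1 ;;
    esac
}

echo "root only:              $(verify_result root-only.pem leaf.pem)"               # 20@0
echo "root plus intermediate: $(verify_result root-plus-intermediate.pem leaf.pem)"  # OK
```

Running the same `openssl verify -CAfile <bundle> <gateway-cert>` against the bundle the daemon is actually configured with tells you whether the bundle itself is the problem before looking at the client's configuration.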


