[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 67) Re: How trust a certification authotiry

To: Fabrizio.Invernizzi@TILAB.COM
Subject: (racoon 67) Re: How trust a certification authotiry
From: Shoichi Sakane <sakane@tanu.org>
Date: Fri, 28 Mar 2003 15:40:26 +0900
Cc: racoon@kame.net
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon-outgoing@kame.net
Delivered-to: racoon@kame.net
In-reply-to: Your message of "Thu, 20 Mar 2003 17:46:02 +0100" <625BE97BF4795E43970345790166B9BC120B90@EXC2K01B.cselt.it>
References: <625BE97BF4795E43970345790166B9BC120B90@EXC2K01B.cselt.it>
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net

> i am using racoon (netBSD 1.6) with certificates and I need to trust a certification authority. I installed the CA certificate file in my openssl cert dir and create a link named <cert hash>.0 to the cert file, but when i set the  "verify_cert on" in racoon, i obtain this error message
> 
> Mar 20 17:53:02 Faito racoon: INFO: isakmp.c:803: begin Identity Protection mode.
> Mar 20 17:53:04 Faito racoon: ERROR: crypto_openssl.c:337: unable to get local issuer certificate(20) at depth:0 SubjectName:/C=IT/O=o/OU=IPsec Devices/CN=cn
> Mar 20 17:53:04 Faito racoon: ERROR: oakley.c:1291: Invalid authority of the CERT.

the 2nd message meant that racoon could not get the file of the issuer's
certificate of the certificate which sent by the peer.
please make sure if the CA certificate file you installed in the directory
is the issuer's one.

References:
- (racoon 60) How trust a certification authotiry
  - From: Invernizzi Fabrizio <Fabrizio.Invernizzi@TILAB.COM>

Prev by Date: (racoon 66) Re: Phase 1 problem
Next by Date: (racoon 68) Re: Dynamic IP with FreeBSD and RouteFinder Multitech VPN
Previous by thread: (racoon 60) How trust a certification authotiry
Next by thread: (racoon 61) Configuring racoon with multiple road-warriors
Index(es):
- Date
- Thread