
List:       strongswan-users
Subject:    Re: [strongSwan] Query on client authentication using EAP-TLS
From:       Akash Deep <everakash () gmail ! com>
Date:       2015-02-23 14:16:04
Message-ID: CAEQvN3s1Gi1wCsrB_SEry-n-J5EmVGrGmWS2ER9yO8W-qQxTzg () mail ! gmail ! com


Hi,

In *ipsec.secrets* I have given the following key:


:RSA fap-tls-10.prv

223456789123456@nai.epc.mnc213.mcc090.3gppnetwork.org %any : PSK abcd
223456789123456@nai.epc.mnc213.mcc090.3gppnetwork.org : EAP abcdedfgh


Still facing the issue.

Regards,
Akash

On Mon, Feb 23, 2015 at 6:36 PM, Martin Willi <martin@strongswan.org> wrote:

> Hi Akash,
>
> > no TLS peer certificate found for '223456789123456@nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client authentication
> > EAP_TLS method failed
>
> As the TLS stack does not find a usable certificate with a private key for
> your ID, it skips client authentication. Your server most likely
> requires that, though, and therefore cancels the TLS handshake.
>
> Check if you have configured the private key for your client certificate
> in ipsec.secrets, there is no related error in the startup log and that
> "ipsec listcerts" shows "has private key" for your client certificate.
>
> Regards
> Martin
>
>
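
Added example (not part of the original messages and not strongSwan code): the checks listed in the quoted reply, written as shell functions and run over constructed sample text. The `ipsec listcerts` layout, the key file names, and the rule that the `:` separator in ipsec.secrets is surrounded by whitespace (as the ipsec.secrets documentation describes) are assumptions.

```shell
#!/bin/sh
# Added example: runs the reply's checks over captured text, so it works offline.
# On a live host:  ipsec listcerts | cert_key_status "$ID"

ID='223456789123456@nai.epc.mnc213.mcc090.3gppnetwork.org'   # ID from the thread

# Constructed "ipsec listcerts" excerpts (layout assumed, values invented).
CERT_NO_KEY="List of X.509 End Entity Certificates:

  altNames:  $ID
  subject:  \"C=XX, O=Example, CN=client\"
  pubkey:    RSA 2048 bits"
CERT_WITH_KEY="$CERT_NO_KEY, has private key"

# Constructed ipsec.secrets text; clientKey.pem and otherKey.pem are placeholders.
SECRETS_SAMPLE='# comment
: RSA clientKey.pem
:RSA otherKey.pem'

# Prints "ok" if a certificate block mentioning the ID shows "has private key",
# "missing" if the certificate is listed without it, "nocert" if no block has the ID.
# Assumes certificate blocks are separated by blank lines.
cert_key_status() {   # usage: cert_key_status ID < listcerts-output
    awk -v id="$1" '
        function endblock() { if (hit) { found = 1; if (key) ok = 1 } hit = key = 0 }
        /^[ \t]*$/        { endblock(); next }
        index($0, id)     { hit = 1 }
        /has private key/ { key = 1 }
        END { endblock(); print (ok ? "ok" : (found ? "missing" : "nocert")) }'
}

# Prints the key files named by well-formed private-key entries.
# Assumption: the ":" must stand alone between whitespace, so ":RSA" is not matched.
secrets_key_files() {   # usage: secrets_key_files < ipsec.secrets
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF - 2; i++)
               if ($i == ":" && ($(i+1) == "RSA" || $(i+1) == "ECDSA")) print $(i+2) }'
}

printf 'cert without key : %s\n' "$(printf '%s\n' "$CERT_NO_KEY" | cert_key_status "$ID")"
printf 'cert with key    : %s\n' "$(printf '%s\n' "$CERT_WITH_KEY" | cert_key_status "$ID")"
printf 'key entries found: %s\n' "$(printf '%s\n' "$SECRETS_SAMPLE" | secrets_key_files)"
```

A "missing" result corresponds to the "no TLS peer certificate found" log line quoted above: the certificate is loaded, but no private key is associated with it.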



