Re: isakmpd: rsa_sig_decode_hash: RSA_public_decrypt () failed

2005-11-10 Thread Håkan Olsson

On 10 nov 2005, at 16.05, Heinrich Rebehn wrote:


isakmpd keeps reporting:

rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 134.102.176.91 port 500 due to notification type
INVALID_ID_INFORMATION

The other clients are still working fine. I have been double checking
the config files (which I did not change) and created new certificates
more than once, but cannot find anything.

My question:

What requirements must be met so that the certificate can be
decrypted?

Which public key is used? Is it sent along with the certificate?


The public key from the certificate, yes. (That's what a certificate  
*is*, btw, a name (identity) tied to a public key.) The above message  
is usually seen when the private and public keys don't match. I.e. it  
looks like the other node's private key does not match the public key  
in its certificate.


Another possibility is that the CA-cert isakmpd is configured with  
does not validate the certificate the other node sends, i.e. isakmpd  
(or more precisely the OpenSSL parts of it) does not trust the  
certificate's public key.


/H
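The two causes named above (the peer's private key not matching the public key in its certificate, and the configured CA cert not validating the peer's certificate) can be checked with plain openssl before touching isakmpd. This is an added example, not code from the thread; it assumes only that `openssl` is on PATH, and every key and certificate it uses is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: build throwaway material that reproduces both failure causes,
# then check for each the way you would with a real client key/cert pair.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Constructed test data: a CA, a client cert it signed, a stray key that does
# not belong to that cert (the "reinstalled client" case), and an unrelated CA.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Test CA" -days 1 >/dev/null 2>&1
openssl req -new -newkey rsa:2048 -nodes -keyout client.key -out client.csr \
    -subj "/CN=roadwarrior" >/dev/null 2>&1
openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out client.pem -days 1 >/dev/null 2>&1
openssl genrsa -out stale.key 2048 >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -keyout other-ca.key -out other-ca.pem \
    -subj "/CN=Other CA" -days 1 >/dev/null 2>&1

# Cause 1: RSA_public_decrypt() fails when the signature was made with a key
# whose public half is not the one in the certificate.  Compare the moduli.
# (For a PKCS#12 bundle, extract the parts first with
#  "openssl pkcs12 -in file.p12 -nocerts -nodes" and "... -nokeys".)
key_matches_cert() {  # key_matches_cert key.pem cert.pem -> exit 0 iff they match
    kmod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    cmod=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$kmod" = "$cmod" ]
}

# Cause 2: the CA certificate isakmpd is configured with must actually
# validate the certificate the peer presents.
cert_chains_to_ca() {  # cert_chains_to_ca ca.pem cert.pem -> exit 0 iff it verifies
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

for k in client.key stale.key; do
    if key_matches_cert "$k" client.pem; then echo "$k matches client.pem"
    else echo "$k does NOT match client.pem"; fi
done
for ca in ca.pem other-ca.pem; do
    if cert_chains_to_ca "$ca" client.pem; then echo "$ca validates client.pem"
    else echo "$ca does NOT validate client.pem"; fi
done
```

Run both checks on the real client key, client certificate and the CA cert from isakmpd's configuration; whichever one fails is the side to regenerate.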



isakmpd: rsa_sig_decode_hash: RSA_public_decrypt () failed

2005-11-10 Thread Heinrich Rebehn
Hi all,

We have a VPN Gateway to allow "road warriors" to securely access our
network from anywhere (home,wlan). It runs OpenBSD 3.7 and the "clients"
are WinXPSP2 machines using the built-in IPSec. Authentication is done
with X.509 certificates which are distributed as PKCS#12 files.

This has been running fine for over a year now.
Some days ago I had to reinstall a client because of a disk problem, and
I cannot get IPSec to work anymore.

isakmpd keeps reporting:

rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 134.102.176.91 port 500 due to notification type
INVALID_ID_INFORMATION

The other clients are still working fine. I have been double checking
the config files (which I did not change) and created new certificates
more than once, but cannot find anything.

My question:

What requirements must be met so that the certificate can be decrypted?
Which public key is used? Is it sent along with the certificate?

I can post my config and logfiles if required.

Thanks for your help,

Heinrich
-- 

Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :-3341