Hi team swan,
I'm trying to configure 2 local host to test ipsec Security Association between
them
Scenario : host to host communication using x509 certificate being
exchanged.
Steps followed : 1. CA certificate is generated locally using openssl rsa
command at one of the host and same is copied to other host
2. host certificates are then generated by
generating csr request by the host to the self signed CA certificate(generated
locally in above step) using openssl
3. host certificates signed by same CA is
then exported to p12 format and imported to upload to nss database
4. its got imported to nss database is
verified by checking using - ipsec look
Issue : In the pluto log encountering below and IKE is
failing after that
certificate contains no subjectAltName extension
"mytunnel" #8: certificate does not contain subjectAltName=hostB.cert.com
Note: SAN cnf is created and added in host certificates(verified by checking
certificate content). Theres no other error as till 4th main message IKE was
going good(verified from pluto log and wireshark). So after that seek help here
to understand issue that why IKE is not successful? Does above issue is causing
it?
Thanks in advance
Mayur
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
