Hi Tobias Thank you so much for all the help in solving this issue iam facing.
You are right iam getting the same error when i use the -check option for the priv key files. I will try to see why its so? Will get back to you with any updates/info. The surprising thing is that when i use the same certificate and corresponding private key file with Racoon (ikev1), they work perfectly and iam able to establish ike/ipsec tunnels successfully using these certs. Also when i try to verify whether the cert and the corresponding private-key match, using the following: openssl rsa -in <priv-key.pem> -noout -modulus | openssl sha1 openssl x509 -in <cert.pem> -noout -modulus | openssl sha1 they match perfectly as they should. But then again the private key file does seem to have consistency check error though? thanks & regards rajiv On Thu, Nov 10, 2011 at 11:56 PM, Tobias Brunner <tob...@strongswan.org>wrote: > Hi Rajiv, > > When I use > > openssl rsa -in mfcgw1key2.pem -check -noout > > on my x86_64 machine with OpenSSL 0.9.8o I get > > RSA key error: dmp1 not congruent to d > RSA key error: dmq1 not congruent to d > > which is also the reason why our libgmp based plugin doesn't like the > keys, i.e. > > > 00[LIB] key integrity tests failed > > is logged. Actually, OpenSSL reports this error for all the keys you > sent. So it sure looks like your keys got corrupted somehow (or never > were valid in the first place). > > Regards, > Tobias >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users