Hi all,

I have configured IKEv2 in strongSwan version 4.3.6 as below.


ipsec.conf on Host1


ipsec.secrets on Host1




ipsec.conf on Host2


ipsec.secrets on Host2




The certificates are IP address based.




Host1 is made to act as responder alone. IPsec connections are always initiated from 
Host2.

With the above configuration, both connections r1~v1 and r2~v2 get established 
(initiated from Host2).

Logs at Host1 (Responder)

10[IKE] (vr2)14.0.0.2 is initiating an IKE_SA
10[IKE] sending cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
09[IKE] received cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
09[IKE] received end entity cert "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu2, [email protected]"
09[CFG] looking for peer configs matching (vr2)30.0.0.1[(vr*)%any]...(vr2)14.0.0.2[(vr*)14.0.0.2]
09[CFG] selected peer config 'r1~v1'
09[CFG]   using certificate "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu2, [email protected]"
09[CFG]   using trusted ca certificate "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
09[CFG] checking certificate status of "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu2, [email protected]"
09[CFG] certificate status is not available
09[CFG]   reached self-signed root ca with a path length of 0
09[IKE] authentication of '(vr*)14.0.0.2' with RSA signature successful
09[IKE] authentication of '(vr*)30.0.0.1' (myself) with RSA signature successful

10[IKE] 13.0.0.2 is initiating an IKE_SA
10[IKE] sending cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
12[IKE] received cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
12[IKE] received end entity cert "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu, [email protected]"
12[CFG] looking for peer configs matching 20.0.0.1[(vr*)%any]...13.0.0.2[(vr*)13.0.0.2]
12[CFG] selected peer config 'r2~v2'
12[CFG]   using certificate "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu, [email protected]"
12[CFG]   using trusted ca certificate "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
12[CFG] checking certificate status of "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu, [email protected]"
12[CFG] certificate status is not available
12[CFG]   reached self-signed root ca with a path length of 0
12[IKE] authentication of '(vr*)13.0.0.2' with RSA signature successful
12[IKE] authentication of '(vr*)20.0.0.1' (myself) with RSA signature successful


But the same configuration with secrets does not go through fine.

Host1 ipsec.conf, ipsec.secrets



Host 2 ipsec.conf, ipsec.secrets





When r1~v1 and r2~v2 are initiated from Host2, Host1 fails the authentication with 
the below error:

09[IKE] (vr2)14.0.0.2 is initiating an IKE_SA
09[IKE] sending cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
08[IKE] received cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
08[CFG] looking for peer configs matching (vr2)30.0.0.1[(vr*)%any]...(vr2)14.0.0.2[(vr*)14.0.0.2]
08[CFG] selected peer config 'r1~v1'
08[IKE] no shared key found for '(vr*)%any' - '(vr*)14.0.0.2'


11[IKE] 13.0.0.2 is initiating an IKE_SA
11[IKE] sending cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
10[IKE] received cert request for "C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com, [email protected]"
10[CFG] looking for peer configs matching 20.0.0.1[(vr*)%any]...13.0.0.2[(vr*)13.0.0.2]
10[CFG] selected peer config 'r2~v2'
10[IKE] no shared key found for '(vr*)%any' - '(vr*)13.0.0.2'



As far as my understanding goes, the %any identity is looked for in the ipsec.secrets 
file of HOST1, which is not available, and hence the error.

But then for certificates too, %any is not mentioned in the ipsec.secrets file, 
so how does the authentication go through fine for both the connections 
with the respective private keys at HOST1?

Can someone explain this?

Thanks
Sumit

# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
ca r2~v2
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r2~v2
        rekeymargin=500
        rekeyfuzz=100%
        left=20.0.0.1
        right=0.0.0.0
        leftsubnet=20.0.0.1/32
        rightsubnet=13.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/cfpu-cert.pem"
        leftid=20.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
ca r1~v1
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r1~v1
        rekeymargin=500
        rekeyfuzz=100%
        left=30.0.0.1
        right=0.0.0.0
        leftsubnet=30.0.0.1/32
        rightsubnet=14.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/cfpu2-cert.pem"
        leftid=30.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2
# //etc/ipsec.secrets
# FlexiPlatform: IPSec Pre-Shared-Key file

20.0.0.1 : RSA "/etc/ipsec/certs/ipsec.d/private/cfpu-key.pem"
30.0.0.1 : RSA "/etc/ipsec/certs/ipsec.d/private/cfpu2-key.pem"
# //etc/ipsec.secrets
# FlexiPlatform: IPSec Pre-Shared-Key file

20.0.0.1 13.0.0.2 : RSA "/etc/ipsec/certs/ipsec.d/private/eipu-key.pem"
30.0.0.1 14.0.0.2 : RSA "/etc/ipsec/certs/ipsec.d/private/eipu2-key.pem"
# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
ca r2~v2
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r2~v2
        rekeymargin=50
        rekeyfuzz=100%
        left=13.0.0.2
        right=20.0.0.1
        leftsubnet=13.0.0.2/32
        rightsubnet=20.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/eipu-cert.pem"
        leftid=13.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
ca r1~v1
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r1~v1
        rekeymargin=50
        rekeyfuzz=100%
        left=14.0.0.2
        right=30.0.0.1
        leftsubnet=14.0.0.2/32
        rightsubnet=30.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/eipu2-cert.pem"
        leftid=14.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2

# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
conn r2~v2
        rekeymargin=500
        rekeyfuzz=100%
        left=20.0.0.1
        right=0.0.0.0
        leftsubnet=20.0.0.1/32
        rightsubnet=13.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=secret
        leftid=20.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
conn r1~v1
        rekeymargin=500
        rekeyfuzz=100%
        left=30.0.0.1
        right=0.0.0.0
        leftsubnet=30.0.0.1/32
        rightsubnet=14.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=secret
        leftid=30.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2

# //etc/ipsec.secrets
# FlexiPlatform: IPSec Pre-Shared-Key file

20.0.0.1 : PSK "secret"
30.0.0.1 : PSK "secret2"
# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
conn r2~v2
        rekeymargin=50
        rekeyfuzz=100%
        left=13.0.0.2
        right=20.0.0.1
        leftsubnet=13.0.0.2/32
        rightsubnet=20.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=secret
        leftid=13.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
conn r1~v1
        rekeymargin=50
        rekeyfuzz=100%
        left=14.0.0.2
        right=30.0.0.1
        leftsubnet=14.0.0.2/32
        rightsubnet=30.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=secret
        leftid=14.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2

# //etc/ipsec.secrets
# FlexiPlatform: IPSec Pre-Shared-Key file

20.0.0.1 13.0.0.2 : PSK "secret"
30.0.0.1 14.0.0.2 : PSK "secret2"
# openssl x509 -in cacert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e2:2b:97:cb:02:70:1b:f3
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Validity
            Not Before: Jan 28 10:57:16 2015 GMT
            Not After : Feb 27 10:57:16 2015 GMT
        Subject: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Key Identifier:
                0A:C2:2B:EF:8D:42:2A:D0:A2:4A:A8:C2:0F:F9:CA:12:50:D7:09:DA
            X509v3 Authority Key Identifier:
                keyid:0A:C2:2B:EF:8D:42:2A:D0:A2:4A:A8:C2:0F:F9:CA:12:50:D7:09:DA
                DirName:/C=de/ST=Bayern/L=Munich/O=Nokia Siemens Networks/OU=RTP/CN=www.nokiasiemensnetworks.com/[email protected]
                serial:E2:2B:97:CB:02:70:1B:F3

    Signature Algorithm: md5WithRSAEncryption





# openssl x509 -in cfpu-cert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Validity
            Not Before: Jan 28 10:57:16 2015 GMT
            Not After : Feb 27 10:57:16 2015 GMT
        Subject: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_cfpu/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                IP Address:20.0.0.1
    Signature Algorithm: sha1WithRSAEncryption



# openssl x509 -in cfpu2-cert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Validity
            Not Before: Jan 28 10:57:16 2015 GMT
            Not After : Feb 27 10:57:16 2015 GMT
        Subject: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_cfpu2/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                IP Address:30.0.0.1
    Signature Algorithm: sha1WithRSAEncryption



# openssl x509 -in eipu-cert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Validity
            Not Before: Jan 28 10:57:16 2015 GMT
            Not After : Feb 27 10:57:16 2015 GMT
        Subject: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                IP Address:13.0.0.2
    Signature Algorithm: sha1WithRSAEncryption




# openssl x509 -in eipu2-cert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=www.nokiasiemensnetworks.com/[email protected]
        Validity
            Not Before: Jan 28 10:57:16 2015 GMT
            Not After : Feb 27 10:57:16 2015 GMT
        Subject: C=de, ST=Bayern, L=Munich, O=Nokia Siemens Networks, OU=RTP, CN=ATCA_eipu2/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                IP Address:14.0.0.2
    Signature Algorithm: sha1WithRSAEncryption
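
Added example (not part of the original post and not strongSwan code): a small triage script for responder logs in the charon format quoted above. It groups lines into one record per IKE_SA negotiation and records which identity pair the failed shared-key lookup used. The sample log is constructed from the lines in the post with the certificate DN replaced by a placeholder, and the script assumes negotiations are logged one after another, not interleaved.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the charon log format quoted in the post; the long
# certificate DN is replaced by a placeholder.
SAMPLE_LOG = """\
10[IKE] 13.0.0.2 is initiating an IKE_SA
10[IKE] sending cert request for "CN=placeholder-ca"
12[CFG] looking for peer configs matching 20.0.0.1[(vr*)%any]...13.0.0.2[(vr*)13.0.0.2]
12[CFG] selected peer config 'r2~v2'
12[IKE] authentication of '(vr*)13.0.0.2' with RSA signature successful
12[IKE] authentication of '(vr*)20.0.0.1' (myself) with RSA signature successful
09[IKE] (vr2)14.0.0.2 is initiating an IKE_SA
08[CFG] looking for peer configs matching (vr2)30.0.0.1[(vr*)%any]...(vr2)14.0.0.2[(vr*)14.0.0.2]
08[CFG] selected peer config 'r1~v1'
08[IKE] no shared key found for '(vr*)%any' - '(vr*)14.0.0.2'
"""

LINE = re.compile(r"^\d+\[\w+\]\s+(.*)$")          # "<thread>[<group>] <message>"
INIT = re.compile(r"^(\S+) is initiating an IKE_SA$")
MATCH = re.compile(r"^looking for peer configs matching "
                   r"[^\[]+\[([^\]]+)\]\.\.\.[^\[]+\[([^\]]+)\]$")
CONN = re.compile(r"^selected peer config '([^']+)'$")
AUTH = re.compile(r"^authentication of '([^']+)' (\(myself\) )?with (.+) successful$")
NOKEY = re.compile(r"^no shared key found for '([^']+)' - '([^']+)'$")


@dataclass
class Exchange:
    peer: str                                       # address that initiated
    conn: Optional[str] = None                      # selected peer config
    offered_ids: Optional[Tuple[str, str]] = None   # (local ID, peer ID) in the lookup
    peer_auth: Optional[str] = None                 # method the peer authenticated with
    psk_lookup: Optional[Tuple[str, str]] = None    # ID pair of a failed key lookup

    @property
    def wildcard_psk_lookup(self) -> bool:
        """True when the failed key lookup used %any as the local identity."""
        return self.psk_lookup is not None and self.psk_lookup[0].endswith("%any")


def triage(lines) -> List[Exchange]:
    """Fold log lines into one record per negotiation (sequential logs assumed)."""
    exchanges: List[Exchange] = []
    cur: Optional[Exchange] = None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (hit := INIT.match(msg)):
            cur = Exchange(peer=hit.group(1))
            exchanges.append(cur)
        elif cur is None:
            continue                                # line before any initiation
        elif (hit := MATCH.match(msg)):
            cur.offered_ids = (hit.group(1), hit.group(2))
        elif (hit := CONN.match(msg)):
            cur.conn = hit.group(1)
        elif (hit := AUTH.match(msg)):
            if not hit.group(2):                    # skip the "(myself)" line
                cur.peer_auth = hit.group(3)
        elif (hit := NOKEY.match(msg)):
            cur.psk_lookup = (hit.group(1), hit.group(2))
    return exchanges


if __name__ == "__main__":
    for ex in triage(SAMPLE_LOG.splitlines()):
        if ex.psk_lookup:
            note = " (local ID is a wildcard)" if ex.wildcard_psk_lookup else ""
            print(f"{ex.conn}: FAILED, no PSK for {ex.psk_lookup}{note}")
        else:
            print(f"{ex.conn}: peer {ex.peer} authenticated via {ex.peer_auth}")
```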