I’m generating an ecdsa server cert but am getting the following errors.. I’ve built with openssl.. what am I missing?
# swanctl --load-creds loaded certificate from '/etc/swanctl/x509/vpnserver.crt' loaded certificate from '/etc/swanctl/x509/vpnserver1.crt' building CRED_PRIVATE_KEY - ANY failed, tried 4 builders loaded private key from '/etc/swanctl/private/vpnserver.key' loaded rsa key from '/etc/swanctl/private/vpnserver1.key’ List of X.509 End Entity Certificates subject: "CN=vpnserver1" issuer: "CN=Vivace Root CA" validity: not before May 15 07:00:32 2018, ok not after Jun 14 07:00:32 2019, ok (expires in 394 days) serial: c2:79:0c:c6:8b:27:50:6c altNames: vpnserver1, 35.177.138.182 flags: serverAuth ikeIntermediate OCSP URIs: http://127.0.0.1:2560 authkeyId: ff:4e:05:ee:8a:b3:d7:24:62:96:78:9a:b6:f0:51:82:b4:8f:f9:50 subjkeyId: d8:12:51:d5:a8:6c:d1:f3:f4:6e:77:d0:79:51:bc:1f:56:a3:0a:5e pubkey: RSA 2048 bits, has private key keyid: 6b:2a:e9:4f:82:d7:d1:cd:b4:3d:71:56:d9:90:62:1f:1a:c9:3a:a2 subjkey: d8:12:51:d5:a8:6c:d1:f3:f4:6e:77:d0:79:51:bc:1f:56:a3:0a:5e building CRED_CERTIFICATE - X509 failed, tried 3 builders parsing certificate failed openssl req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes \ -subj "/CN=vpnserver" \ -keyout /ca/private/vpnserver.key -out /ca/requests/vpnserver.csr openssl ca -config /ca/openssl.cnf -create_serial -days 395 \ -keyfile /ca/private/ca.key -cert /ca/ca.crt -passin pass:"${CAKEYPSWD}" \ -in /ca/requests/vpnserver.csr -notext \ -extfile <(cat <<EOF basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer authorityInfoAccess = OCSP;URI:http://127.0.0.1:2560 extendedKeyUsage = serverAuth, ikeIntermediate subjectAltName = DNS:vpnserver EOF ) ./configure --prefix=/usr --sysconfdir=/etc \ --enable-systemd --enable-swanctl \ --disable-charon --disable-stroke --disable-scepclient \ --enable-eap-identity --enable-eap-mschapv2 --enable-md4 \ --enable-eap-tls --enable-eap-dynamic \ --enable-curl --enable-gcm --enable-openssl