-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear All,

I've got RedHat 7.3 FreeS/WAN freeswan-1.99_x509_0.9.15_2.4.20_18.7-1 and freeswan-module-1.99_x509_0.9.15_2.4.20_18.7-1.

After following the instructions on http://www.natecarlson.com/linux/ipsec-x509.php I'm trying to get a Windows XP client to start an X.509 VPN road warrior connection to my Linux gateway.

When I start FreeS/WAN I see this in /var/log/secure:

Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'Jul 31 13:51:41 UTC 2003'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L3 - notAfter:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'Dec 31 23:59:59 UTC 1969'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - subject:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'C=GB, ST=Cambridgeshire, L=Cambridge, O=Emery, CN=EmeryCA, [EMAIL PROTECTED] rld.com'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - subjectPublicKeyInfo:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L3 - algorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L4 - algorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'rsaEncryption'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L3 - subjectPublicKey:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L4 - RSAPublicKey:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - modulus:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   4d
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - publicExponent:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   01 00 01
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - optional extensions:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L3 - extensions:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L4 - extension:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnID:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'subjectKeyIdentifier'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - critical:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   FALSE
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnValue:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   04 14 c1 e5 69 f8 9d 63 06 57 8d 58 31 05 aa 43
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   1e 76 5e 72 66 f1
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L4 - extension:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnID:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'authorityKeyIdentifier'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - critical:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   FALSE
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnValue:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L4 - extension:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnID:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'basicConstraints'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - critical:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   FALSE
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L5 - extnValue:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   30 03 01 01 ff
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L6 - basicConstraints:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L7 - CA:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   ff
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   TRUE
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - signatureAlgorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - algorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'md5WithRSAEncryption'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - signature:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: Changing to directory '/etc/ipsec.d/crls'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: loaded crl file 'crl.pem' (678 bytes)
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | file content is not binary ASN.1
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | -----BEGIN X509 CRL-----
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | -----END X509 CRL-----
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | file coded in PEM format
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L0 - certificateList:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - tbsCertList:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - signature:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L3 - sigAlg:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'md5WithRSAEncryption'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - issuer:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'C=GB, ST=Cambridgeshire, L=Cambridge, O=Emery, CN=EmeryCA, [EMAIL PROTECTED] rld.com'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - thisUpdate:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'Jul 31 14:02:23 UTC 2003'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - nextUpdate:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'Aug 30 14:02:23 UTC 2003'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - signatureAlgorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L2 - algorithm:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |   'md5WithRSAEncryption'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - signature:
[snip]
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: could not open my default X.509 cert file '/etc/x509cert.der'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | next event EVENT_SHUNT_SCAN in 119 seconds
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: |
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | *received whack message
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: listening for IKE messages
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | found lo with address 127.0.0.1
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | found eth0 with address 81.96.76.24
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | found eth1 with address 192.168.16.1
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | found ipsec0 with address 81.96.76.24
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | IP interface eth1 192.168.16.1 has no matching ipsec* interface -- ignored
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: adding interface ipsec0/eth0 81.96.76.24
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | could not open /proc/net/if_inet6
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: loading secrets from "/etc/ipsec.secrets"
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: loaded private key file '/etc/ipsec.d/private/hilly.dynalias.net.key' (1743 bytes)
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | file content is not binary ASN.1
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | -----BEGIN RSA PRIVATE KEY-----
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | Proc-Type: 4,ENCRYPTED
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | DEK-Info: DES-EDE3-CBC,8EC722483579EB31
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | -----END RSA PRIVATE KEY-----
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | decrypting file using 'DES-EDE3-CBC'
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | file coded in PEM format
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L0 - RSAPrivateKey:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - version:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - modulus:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - publicExponent:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - privateExponent:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - prime1:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - prime2:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - exponent1:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - exponent2:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | L1 - coefficient:
Jul 31 20:22:30 pc2-cmbg4-6-cust24 pluto[18703]: | next event EVENT_SHUNT_SCAN in 119 seconds

And the *really* weird thing is the validity dates for my gateway's certificate. It seems that the dates are transposed! Any ideas what I could have done?

TIA
Craig Emery, Cambridge, UK

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/KXAgBIRM2chQkvERAqUAAJ4kLyl0t69DN1Bc67RZvEJ/vIhXnwCeJRs1
1VJo3rbpyl56Zv07sVkBF3w=
=Lh8r
-----END PGP SIGNATURE-----
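Editor's added example (not part of the post above and not FreeS/WAN code). The notAfter that pluto printed, 'Dec 31 23:59:59 UTC 1969', is exactly what a time_t of -1 looks like when rendered in UTC, and -1 is the conventional "conversion failed" return value of the C time functions. Nothing on the page shows pluto's parser, so this is a reading of the log rather than a confirmed cause, but it means the two dates are more plausibly "notBefore decoded, notAfter failed to decode" than "swapped". The block below decodes an X.509 Validity field from DER the way an IKE daemon must (UTCTime with the RFC 5280 50/49 year pivot, GeneralizedTime from 2050 on), returns -1 on input it does not understand, and prints results in pluto's own format so the sentinel can be recognised. All sample DER is constructed here; none of it comes from the poster's certificate.

```python
"""Decode X.509 Validity times from DER and show how a failed conversion prints.

Added example for this thread, not FreeS/WAN code.  The sample encodings at the
bottom are constructed for illustration.
"""
import calendar
import datetime

UTCTIME = 0x17          # ASN.1 tag: YYMMDDHHMMSSZ, two-digit year
GENERALIZEDTIME = 0x18  # ASN.1 tag: YYYYMMDDHHMMSSZ, four-digit year
SEQUENCE = 0x30

TIME_FAILED = -1        # what C time conversion returns on failure (time_t)-1


def asn1_time_to_unix(tag, value):
    """Convert the body of a DER UTCTime/GeneralizedTime to Unix seconds (UTC).

    RFC 5280 4.1.2.5: times must end in 'Z'; UTCTime years 50..99 are 19xx and
    00..49 are 20xx; anything from 2050 on must be GeneralizedTime.  Mirrors a C
    implementation by returning TIME_FAILED instead of raising on bad input.
    """
    try:
        text = value.decode("ascii")
        if not text.endswith("Z"):
            return TIME_FAILED
        text = text[:-1]
        if tag == UTCTIME and len(text) == 12:
            yy = int(text[:2])
            year = 1900 + yy if yy >= 50 else 2000 + yy
            rest = text[2:]
        elif tag == GENERALIZEDTIME and len(text) == 14:
            year = int(text[:4])
            rest = text[4:]
        else:
            return TIME_FAILED            # wrong tag/length combination
        mon, day, hh, mm, ss = (int(rest[i:i + 2]) for i in range(0, 10, 2))
        if not (1 <= mon <= 12 and 1 <= day <= 31 and hh < 24 and mm < 60 and ss < 60):
            return TIME_FAILED
        return calendar.timegm((year, mon, day, hh, mm, ss, 0, 0, 0))
    except ValueError:                    # non-digit characters
        return TIME_FAILED


def decode_validity(der):
    """Parse DER Validity ::= SEQUENCE { notBefore Time, notAfter Time }.

    Only short-form lengths are handled; a real Validity is far below 128 bytes.
    """
    if len(der) < 2 or der[0] != SEQUENCE or der[1] & 0x80:
        raise ValueError("not a short-form DER SEQUENCE")
    body = der[2:2 + der[1]]
    if len(body) != der[1]:
        raise ValueError("truncated Validity")
    times, pos = [], 0
    while pos < len(body):
        tag, length = body[pos], body[pos + 1]
        times.append(asn1_time_to_unix(tag, body[pos + 2:pos + 2 + length]))
        pos += 2 + length
    if len(times) != 2:
        raise ValueError("Validity must hold exactly two times")
    return times[0], times[1]


def pluto_style(t):
    """Render Unix seconds the way pluto's debug output does: 'Jul 31 13:51:41 UTC 2003'."""
    dt = datetime.datetime(1970, 1, 1) + datetime.timedelta(seconds=t)
    return dt.strftime("%b %d %H:%M:%S UTC %Y")


def der_time(tag, text):
    """Encode one Time value (helper used only to build the constructed samples)."""
    raw = text.encode("ascii")
    return bytes([tag, len(raw)]) + raw


def der_validity(not_before, not_after):
    body = not_before + not_after
    return bytes([SEQUENCE, len(body)]) + body


# Constructed samples, not taken from the poster's certificate:
GOOD = der_validity(der_time(UTCTIME, "030731135141Z"),
                    der_time(UTCTIME, "130729135141Z"))
FAR_FUTURE = der_validity(der_time(UTCTIME, "030731135141Z"),
                          der_time(GENERALIZEDTIME, "20600731135141Z"))
# A four-digit year under the UTCTime tag is not valid DER for X.509; the decoder
# gives up on it, and the -1 sentinel prints as the 1969 date seen in the log.
MALFORMED = der_validity(der_time(UTCTIME, "030731135141Z"),
                         der_time(UTCTIME, "20130729135141Z"))

if __name__ == "__main__":
    for name, der in (("GOOD", GOOD), ("FAR_FUTURE", FAR_FUTURE), ("MALFORMED", MALFORMED)):
        nb, na = decode_validity(der)
        print(f"{name:10s} notBefore {pluto_style(nb)}   notAfter {pluto_style(na)}")
```

The independent check is to decode the same certificate with a second implementation, `openssl x509 -in <gateway cert> -noout -dates`, and compare its notAfter with what pluto logged: if OpenSSL shows a sane date while pluto shows 1969, the certificate's encoding of notAfter is something pluto's parser rejects, not a swapped pair. One further thing the log shows that is worth acting on: both the CA certificate and the CRL are signed with md5WithRSAEncryption, which is no longer an acceptable signature algorithm for anything that authenticates peers.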
