[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd + x509

To: Marcel Beltz <amb@beltz.info>
Subject: Re: isakmpd + x509
From: Hakan Olsson <ho@crt.se>
Date: Tue, 25 Feb 2003 16:28:57 +0100 (CET)
Cc: OpenBSD <misc@openbsd.org>

On Tue, 25 Feb 2003, Marcel Beltz wrote:

> hello,
>
> i have a little question about isakmpd and x509. i create the
> certificates like discribed in README.PKI. if i start isakmpd i get a
> errormessage:
>
> 141829.446650 Default x509_read_from_dir: PEM_read_bio_X509 failed for
> ca.crt
> 141829.447208 Default x509_read_from_dir: PEM_read_bio_X509 failed for
> test.info.crt
>
> have you are hind for me where i have to search for a solution??

The certificates are broken somehow or can't be read. I can't say the
exact reason why, but try

  'openssl x509 -in ca.crt -noout -text'

It should give you the certificate in a human-readable form.  'isakmpd'
uses the same OpenSSL library functions as 'openssl', so you should get
the same errors, although possibly openssl is a bit more verbose about
them... (popular opinion is that isakmpd generates enough debug info as it
is :)

Otherwise, ca.crt should be installed to the ca/ subdirectory, and the
test.info.crt to the certs/ subdir.

/H

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB

Follow-Ups:
- Re: isakmpd + x509
  - From: Marcel Beltz <amb@beltz.info>

References:
- isakmpd + x509
  - From: Marcel Beltz <amb@beltz.info>

Prev by Date: Re: litte OpenBSD like PicoBSD
Next by Date: snmpd & mrtg problem from port collection
Prev by thread: isakmpd + x509
Next by thread: Re: isakmpd + x509
Index(es):
- Date
- Thread