Racoon Error Failed To Get Subjectaltname
Contents |
get subjectAltName « previous next » Print Pages: [1] Go Down Author Topic: Errors after PSK->Certs: failed to get subjectAltName (Read 6567 times) 0 Members failed to get proposal for responder mikrotik and 1 Guest are viewing this topic. EmL Full Member
Ignore Information Because Isakmp-sa Has Not Been Established Yet
Posts: 184 Karma: +0/-0 Errors after PSK->Certs: failed to get subjectAltName « on: August 07, 2007, spdadd 06:32:10 am » Hi!I'd set up a IPSec Tunnel between 2 static pfsense endpoints via PSK in main mode which is working fine. After genereting certificates and changed IPSec from PSK to RSA Signature the tunnel won't come up anymore?The logs always shows this ... racoon: ERROR: failed to get subjectAltNameIn the forum i found this ...http://forum.pfsense.org/index.php?topic=5207.0;prev_next=prev... but i'm not shure if this is also my problem and if it's mine ... what is a asn1dn identifier and why i should need this (why it is not using the CommonNames from the certificates)?ps: I'm using actual 1.2-TESTING-SNAPSHOT-07-21-2007 built on Tue Aug 7 05:43:52 EDT 2007 ... before i had 1.2 RC1 which is the same behavior. Logged EmL Full Member Posts: 184 Karma: +0/-0 Re: Errors after PSK->Certs: failed to get subjectAltName « Reply #1 on: August 22, 2007, 07:01:09 am » Solved - for those who are interested:I made my Certs with XCA (very good Opensource CA solution) ... and there i defined inside the Certificate no Subject Alternative Name ... after i created new certs with IP:123.123.123.123 (same as CN) as a alternative name, all works as it should! Logged Print Pages: [1] Go Up « previous next » pfSense Forum» pfSense English Support» IPsec» Errors after PSK->Certs: failed to get subjectAltName SMF 2.0.10 | SMF © 2015, Simple Machines Flagrantly by, Crip XHTML RSS WAP2 Page created in 0.075 seconds with 19 queries.
CN. You have to set a subjectAltName field even if it contains nothing besides a copy of the CN. Heed this warning, or you'll fall victim to the following:
racoon: 2008-12-02 14:47:21: ERROR:
racoon: 2008-12-02 14:47:21: ERROR: failed to get subjectAltName
racoon: 2008-12-02 14:47:21: ERROR: no peer's CERT payload found. Of course… the misery that is tricking openssl https://forum.pfsense.org/index.php?topic=5774.0 to create a cert with the subjectAltName in it is outside the scope of this simple blog entry. Maybe a lengthy one at a later date… http://www.mail-archive.com/openssl-users@openssl.org/msg47641.html Like this:Like Loading... Related Written by Lee Verberne 2008/12/02 at 21:12 Posted in Internet, Unix-type stuff Tagged with ipsec « Installing Apache https://verb.bz/2008/12/02/racoon-requires-subjectaltname-for-x509-ike/ modules on Mac OS XLeopard Helping openssl find yourcert » Leave a Reply Cancel reply Enter your comment here... Please log in using one of these methods to post your comment: Email (Address never made public) Name Website You are commenting using your WordPress.com account. (LogOut/Change) You are commenting using your Twitter account. (LogOut/Change) You are commenting using your Facebook account. (LogOut/Change) You are commenting using your Google+ account. (LogOut/Change) Cancel Connecting to %s Notify me of new comments via email. Notify me of new posts via email. Search for: Categories Containers Hardware Internet pfsense Rants Telephony Uncategorized Unix-type stuff BSD Linux OS X Recent Posts Alpine Linux doesn't work with KubeDNS.Sad. Hardening SSH Backup to Google Cloud Storage using duplicity0.6.22 OSError with duplicity 0.6.19 on OpenBSD and OSX Updated OpenBSD softraid installpage RSSRSS - PostsRSS - Comments Blog at WordPress.com. %d bloggers like this:
instructions: Windows Mac Red Hat Linux Ubuntu Click URL instructions: Right-click on ad, choose "Copy Link", then paste here → (This may not be possible https://sourceforge.net/p/ipsec-tools/mailman/message/32033293/ with some types of ads) More information about our ad policies X You seem to have CSS turned off. Please don't fill out this field. You seem to have CSS http://marc.info/?t=133177709400004&r=1&w=2 turned off. Please don't fill out this field. Briefly describe the problem (required): Upload screenshot of ad (required): Select a file, or drag & drop file here. ✔ ✘ failed to Please provide the ad click URL, if possible: Home Browse IPsec Tools Mailing Lists IPsec Tools Brought to you by: mit_warlord Summary Files Reviews Support Wiki Mailing Lists Tickets ▾ Bugs Support Requests Patches Feature Requests Code ipsec-tools-announce ipsec-tools-commits ipsec-tools-devel ipsec-tools-users Re: [Ipsec-tools-devel] [PATCH] Add IPv6 address support to X509 subjectAltName parser Re: [Ipsec-tools-devel] [PATCH] Add IPv6 address failed to get support to X509 subjectAltName parser From: Timo Teras
Re: Racoon failed to get subjectAltName freebsd-q Da Rock 2. 2012-03-15 Racoon failed to get subjectAltName freebsd-q Da Rock Configure | About | News | Addalist | SponsoredbyKoreLogic