Charon-nm not able to find TLS certificate #437
Hi, maybe someone can help me figure out NetworkManager and strongSwan's IKEv2 EAP-TLS authentication.

At work we have some firewall appliances acting as IKEv2 endpoints, and user authentication is done with Microsoft NPS (RADIUS). User certificates are enrolled by an internal CA and deployed either with autoenroll (Windows 10) or exported manually (Linux).

Here are some relevant files: ipsec: charon_nm: Private key is decrypted and cert information is as attached:

I followed what was recommended in this link of serverfault.com, changing one of the SANs, with no luck.

Tests are done on a fresh Ubuntu 21.01 with Strongswan 5.9.1-1ubuntu1 and Strongswan-nm 5.9.1-1ubuntu1.

Thanks in advance

EDIT: corrected error on pseudonymization in user_cert.openssl.txt as quoted by @tobiasbrunner
Replies: 1 comment 10 replies
Does the SAN actually match the identity you configured? (In your modified output it doesn't.) You could also try increasing the log level for tls (via charon-nm.syslog.daemon.tls in strongswan.conf) to see what's going on during the handshake.
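
The SAN-versus-identity check suggested in the reply, as an added example that is not part of the original discussion or of strongSwan: it parses the text layout of `openssl x509 -noout -text` (the kind of dump attached as user_cert.openssl.txt) and compares the SAN entries with the configured identity. The sample certificate text, every name in it and the function names are constructed; the typing of the identity string (IP literal, contains `@` for email, otherwise DNS) and the case-insensitive comparison are simplifying assumptions.

```python
import ipaddress

# Constructed excerpt in the layout of `openssl x509 -noout -text`; all names are placeholders.
SAMPLE_CERT_TEXT = """\
        Subject: DC = example, DC = corp, CN = Jane Doe
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                othername:<unsupported>, email:jane.doe@corp.example, DNS:laptop42.corp.example
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""

def subject_alt_names(cert_text):
    """Return [(type, value), ...] from the line under the SAN header."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if "X509v3 Subject Alternative Name" in line:
            pairs = (item.strip().partition(":") for item in lines[i + 1].split(","))
            return [(kind.strip(), value.strip()) for kind, _, value in pairs]
    return []  # no SAN extension in the dump

def identity_kind(identity):
    """Assumed typing of the identity string: DN, IP literal, email or DNS name."""
    if "=" in identity:
        raise ValueError("a DN identity is compared with the Subject, not the SAN")
    try:
        ipaddress.ip_address(identity)
        return "IP Address"
    except ValueError:
        return "email" if "@" in identity else "DNS"

def check_identity(cert_text, identity):
    """Report whether a SAN of the identity's type carries the same value."""
    kind = identity_kind(identity)
    same_type = [v for k, v in subject_alt_names(cert_text) if k == kind]
    match = identity.lower() in (v.lower() for v in same_type)
    return {"kind": kind, "match": match, "candidates": same_type}

if __name__ == "__main__":
    for ident in ("jane.doe@corp.example", "jdoe@corp.example"):
        print(ident, check_identity(SAMPLE_CERT_TEXT, ident))
```

The `candidates` list shows which identities of the chosen type the certificate could confirm, which makes a typo or a wrong SAN type visible before turning to the tls log output.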