pothuganti sridhar
2016-07-25 15:38:45 UTC
Hi All,
I'm facing an issue in which the connection with Cisco EZVPN client is
failing with the error "The Peer certificate doesn't match with Phase1
ID". The issue is occurring in strongSwan version 5.2.0. We are using
IKEv1 to establish a tunnel between Cisco EZVPN client and strongSwan
server.
We found out the cause to be a mismatch in the string formats between
Identification and Certificate payloads in the 6th message of Phase 1.
The certificate uses UTF8String format for encoding the RDN whereas the
Identification payload uses PrintableString format.
Is there any specific reason behind the usage of PrintableString format
irrespective of the encoding format used in the certificate?
Thanks,
Sridhar
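
The mismatch described in the post, as an added example that is not part of the original message and not strongSwan or Cisco code: the same subject DN is DER-encoded once with UTF8String and once with PrintableString, then compared byte-for-byte and by attribute value. The CN value, the helper names and the byte-for-byte comparison are assumptions made for illustration.

```python
# Added example: constructed DN, minimal DER handling (short-form lengths only).
PRINTABLE, UTF8 = 0x13, 0x0C          # ASN.1 universal tags for the two string types
OID_CN = bytes.fromhex("0603550403")  # OID 2.5.4.3 (commonName), DER-encoded

def tlv(tag, body):
    assert len(body) < 128  # short-form length is enough for this sample
    return bytes([tag, len(body)]) + body

def encode_dn(cn, string_tag):
    """DER Name with one RDN: SEQUENCE { SET { SEQUENCE { OID, string } } }."""
    atv = tlv(0x30, OID_CN + tlv(string_tag, cn.encode("utf-8")))
    return tlv(0x30, tlv(0x31, atv))

def parse_tlv(buf, pos=0):
    """Return (tag, value, next_position) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def attributes(dn):
    """Return [(oid_bytes, string_tag, text)] for every attribute in the DN."""
    out = []
    _, rdns, _ = parse_tlv(dn)
    pos = 0
    while pos < len(rdns):
        _, rdn_set, pos = parse_tlv(rdns, pos)
        spos = 0
        while spos < len(rdn_set):
            _, atv, spos = parse_tlv(rdn_set, spos)
            _, oid, nxt = parse_tlv(atv)
            tag, val, _ = parse_tlv(atv, nxt)
            out.append((oid, tag, val.decode("utf-8")))
    return out

def same_dn_ignoring_string_type(a, b):
    """Compare attribute types and text, ignoring the ASN.1 string tag."""
    strip = lambda dn: [(oid, text) for oid, _, text in attributes(dn)]
    return strip(a) == strip(b)

# Constructed sample: hypothetical CN, encoded the two ways the post describes.
cert_subject = encode_dn("vpn-client-1", UTF8)     # RDN as in the certificate
id_payload = encode_dn("vpn-client-1", PRINTABLE)  # RDN as in the ID payload

if __name__ == "__main__":
    print(cert_subject.hex())
    print(id_payload.hex())
    print("byte-equal:", cert_subject == id_payload)
    print("equal ignoring string type:",
          same_dn_ignoring_string_type(cert_subject, id_payload))
```

The two encodings differ only in the string tag byte (0x0c versus 0x13), which is enough to make a binary comparison of the ID payload against the certificate subject fail.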