Re: IPSec WinXP interop
On Fri, Dec 26, 2003 at 01:55:42AM +0100, Valentin Vidic wrote:
> On Fri, Dec 26, 2003 at 12:18:24AM +0000, Antony Gelberg wrote:
> > Dec 26 00:09:44 mailhost Pluto: loaded private key file
> > '/etc/ipsec.d/private/mailhostKey.pem' (1751 bytes)
> > Dec 26 00:09:44 mailhost Pluto: file coded in unknown format,
> > discarded
> > Dec 26 00:09:44 mailhost Pluto: "/etc/ipsec.secrets" line 1: error
> > loading RSA private key file
> That looks nasty. You better sort that out first. Perhaps you can find
> some test certificates online and try with them. My private key file
> looks like this:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: ...
> some lines with encrypted key
> -----END RSA PRIVATE KEY-----
> > mailhost:~# cat /etc/ipsec.secrets
> > : RSA /etc/ipsec.d/private/mailhostKey.pem "xxx"
> My ipsec.secrets looks similar...
> > Note that the xxx is really the "export password" that I gave when I
> > generated the key.
> Try doing 'openssl des -d -in mailhostKey.pem' to see if that xxx
> really works.
It didn't work. I tried it on a newly-generated key as well.
mailhost:/usr/local/sslca# openssl des -d -in ./newreq.pem
enter des-cbc decryption password:
bad magic number
What could be wrong? The password that I'm entering is the one that
CA.sh prompts me with with "Enter PEM pass phrase:".