
Re: IPSec WinXP interop



On Fri, Dec 26, 2003 at 01:55:42AM +0100, Valentin Vidic wrote:
> On Fri, Dec 26, 2003 at 12:18:24AM +0000, Antony Gelberg wrote:
> > Dec 26 00:09:44 mailhost Pluto[4416]:   loaded private key file
> > '/etc/ipsec.d/private/mailhostKey.pem' (1751 bytes)
> > Dec 26 00:09:44 mailhost Pluto[4416]:   file coded in unknown format,
> > discarded
> > Dec 26 00:09:44 mailhost Pluto[4416]: "/etc/ipsec.secrets" line 1: error
> > loading RSA private key file
> 
>   That looks nasty. You better sort that out first. Perhaps you can find
> some test certificates online and try with them. My private key file
> looks like this:
> 
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: ...
> 
> some lines with encrypted key
> 
> -----END RSA PRIVATE KEY-----

Mine too.

> > mailhost:~# cat /etc/ipsec.secrets
> > : RSA /etc/ipsec.d/private/mailhostKey.pem "xxx"
> 
>   My ipsec.secrets looks similar...
> 
> > Note that the xxx is really the "export password" that I gave when I
> > generated the key.
> 
>   Try doing 'openssl des -d -in mailhostKey.pem' to see if that xxx
> really works.

It didn't work.  I tried it on a newly-generated key as well.

mailhost:/usr/local/sslca# openssl des -d -in ./newreq.pem
enter des-cbc decryption password:
bad magic number

What could be wrong?  The password that I'm entering is the one that
CA.sh prompts me with "Enter PEM pass phrase:".

A
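
Added example, not part of the original thread: a shell helper that classifies a key file by its leading bytes and PEM headers, and tests a passphrase with `openssl rsa` instead of `openssl des -d`. `openssl des` is the `enc` cipher command, which expects a file beginning with the magic string `Salted__` and reports "bad magic number" for anything else, a PEM key included. The function names, the `KEYPASS` variable and the sample key text are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a private-key file before pointing ipsec.secrets at it.

# key_kind FILE prints one of: pem-rsa-encrypted, pem-rsa-plain,
# pem-pkcs8-encrypted, pem-pkcs8-plain, openssl-enc, unknown
key_kind() {
    f=$1
    # Output of "openssl enc" (e.g. "openssl des") starts with the magic "Salted__".
    if [ "$(head -c 8 "$f")" = "Salted__" ]; then
        echo openssl-enc; return
    fi
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is announced by the two header lines.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f" && grep -q '^DEK-Info: ' "$f"; then
            echo pem-rsa-encrypted
        else
            echo pem-rsa-plain
        fi
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo pem-pkcs8-encrypted
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        echo pem-pkcs8-plain
    else
        echo unknown
    fi
}

# check_passphrase FILE: the passphrase is read from $KEYPASS (hypothetical
# variable) so it never appears on the command line. Exit status 0 means the
# key decrypted and passed openssl's consistency check.
check_passphrase() {
    openssl rsa -in "$1" -passin env:KEYPASS -check -noout >/dev/null 2>&1
}

# Demo on a constructed sample shaped like the key file quoted in the thread.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'Y29uc3RydWN0ZWQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
echo "sample: $(key_kind "$demo")"
rm -f "$demo"
```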


