Issue #3136

Certificate status is not available

Added by Louis garcia 6 months ago. Updated 6 months ago.

Affected version:
No change required


I'm trying to set up a VPN between a Home Agent and a Mobile Node. The issue is that I couldn't make it work, so I searched my log file (/var/log/syslog) to find some hints. The point is that there are 2 phases: the first one is to negotiate the mobility header and the second one is to negotiate the tunnel. The first one apparently works fine but the tunnel connection can't be loaded. In my log files I found this:

checking certificate status of "CN=homeagent" 
certificate status is not available
    reached self-signed root ca with a path length of 0

I don't know if this message could be the reason. I read some posts about it, and I understand that this message is just to tell you that the certificate couldn't be verified, but in my case, I don't use the CRL or OCSP file. I don't want to specify which certificates are revoked and I didn't set "strictcrlpolicy=yes".

My question is: does this message mean that the certificate is not useful to set up the VPN?


#1 Updated by Andreas Steffen 6 months ago

  • Status changed from New to Feedback
  • Assignee set to Andreas Steffen

The line

certificate status is not available

is just informational and is issued when no CRL or OCSP server is available. The all-important line should follow after

reached self-signed root ca with a path length of 0

and should be of the form

authentication of 'CN=homeagent' with RSA_EMSA_PKCS1_SHA2_256 successful.

if the authentication has succeeded. When the authentication fails, then usually the following error message is issued

no trusted RSA public key found for 'CN=homeagent'
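
Added example, not part of the thread and not strongSwan code: a small log triage helper that applies the reading given in comment #1, treating "certificate status is not available" as informational and taking the verdict only from the authentication lines. The syslog prefix, the host name, the identity CN=mobilenode and the function name triage are assumptions made for the sample; only the message texts come from this page.

```python
import re

# Message forms quoted in this thread; all other log lines are ignored.
STATUS_CHECK = re.compile(r'checking certificate status of "([^"]+)"')
STATUS_NA = re.compile(r"certificate status is not available")
AUTH_OK = re.compile(r"authentication of '([^']+)' with (\S+) successful")
AUTH_FAIL = re.compile(r"no trusted (\S+) public key found for '([^']+)'")

# Constructed sample: syslog prefix, host name and CN=mobilenode are made up.
SAMPLE = [
    'Jan  1 10:00:01 mn charon: 07[CFG] checking certificate status of "CN=homeagent"',
    "Jan  1 10:00:01 mn charon: 07[CFG] certificate status is not available",
    "Jan  1 10:00:01 mn charon: 07[CFG]   reached self-signed root ca with a path length of 0",
    "Jan  1 10:00:01 mn charon: 07[IKE] authentication of 'CN=homeagent' with RSA_EMSA_PKCS1_SHA2_256 successful",
    "Jan  1 10:05:09 mn charon: 11[IKE] no trusted RSA public key found for 'CN=mobilenode'",
]


def triage(lines):
    """Map each identity to its revocation note and authentication verdict."""
    result = {}
    checking = None  # subject of the most recent "checking certificate status" line

    def entry(ident):
        # Assumption: the identity in the verdict line equals the certificate
        # subject in the status check, as it does in this thread.
        return result.setdefault(
            ident, {"revocation": "not checked", "auth": "no verdict logged", "method": None})

    for line in lines:
        if m := STATUS_CHECK.search(line):
            checking = m.group(1)
            entry(checking)
        elif STATUS_NA.search(line) and checking:
            # Informational only: no CRL or OCSP source, not a rejection.
            entry(checking)["revocation"] = "unavailable (informational)"
        elif m := AUTH_OK.search(line):
            entry(m.group(1)).update(auth="success", method=m.group(2))
        elif m := AUTH_FAIL.search(line):
            # For a failure, "method" holds the key type named in the message.
            entry(m.group(2)).update(auth="failed", method=m.group(1))
    return result


if __name__ == "__main__":
    for ident, verdict in triage(SAMPLE).items():
        print(ident, verdict)
```

An identity reported with "no verdict logged" matches the excerpt in the original question: the status lines alone say nothing about whether authentication succeeded.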

#2 Updated by Louis garcia 6 months ago

Thank you Andreas!

#3 Updated by Tobias Brunner 6 months ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Resolution set to No change required
