Project

General

Profile

Issue #3136

Certificate status is not available

Added by Louis garcia 19 days ago. Updated 13 days ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.8.0
Resolution:
No change required

Description

I'm trying to setup a VPN between a Home Agent and a Mobile Node. The issue is that I couldn't make it work so I searched on my log file (/var/log/syslog) to find some hints. The point is that there are 2 phases: the first one is to negotiate the mobility header and the second one is to negotiate the tunnel. The first one apparently works fine but the tunnel connection can't be loaded. In my log files I found this:

checking certificate status of "CN=homeagent" 
certificate status is not available
    reached self-signed root ca with a path length of 0

I don't know if this message could be the reason. I read some posts about it, and I understand that this message is just to tell you that the certificate couldn't be verified, but in my case, I don't use the CRL or OCSP file. I don't want to specify which certificates are revoked and I didn't set "strictcrlpolicy=yes".

My question is: does this message mean that the certificate is not useful to setup the VPN ?

History

#1 Updated by Andreas Steffen 19 days ago

  • Status changed from New to Feedback
  • Assignee set to Andreas Steffen

The line

certificate status is not available

is just informational and is issued when no CRL or OCSP server is available. The all important line should follow after

reached self-signed root ca with a path length of 0

and should be of the form

authentication of 'CN=homeagent' with RSA_EMSA_PKCS1_SHA2_256 successful.

if the authentication has succeeded. When the authentication fails than usually the following error messeage is issued

no trusted RSA public key found for 'CN=homeagent'

#2 Updated by Louis garcia 19 days ago

Thank you Andreas !

#3 Updated by Tobias Brunner 13 days ago

  • Category set to configuration
  • Status changed from Feedback to Closed
  • Resolution set to No change required

Also available in: Atom PDF