Certificate status is not available
I'm trying to setup a VPN between a Home Agent and a Mobile Node. The issue is that I couldn't make it work so I searched on my log file (/var/log/syslog) to find some hints. The point is that there are 2 phases: the first one is to negotiate the mobility header and the second one is to negotiate the tunnel. The first one apparently works fine but the tunnel connection can't be loaded. In my log files I found this:
checking certificate status of "CN=homeagent" certificate status is not available reached self-signed root ca with a path length of 0
I don't know if this message could be the reason. I read some posts about it, and I understand that this message is just to tell you that the certificate couldn't be verified, but in my case, I don't use the CRL or OCSP file. I don't want to specify which certificates are revoked and I didn't set "strictcrlpolicy=yes".
My question is: does this message mean that the certificate is not useful to setup the VPN ?
#1 Updated by Andreas Steffen 6 months ago
- Status changed from New to Feedback
- Assignee set to Andreas Steffen
certificate status is not available
is just informational and is issued when no CRL or OCSP server is available. The all important line should follow after
reached self-signed root ca with a path length of 0
and should be of the form
authentication of 'CN=homeagent' with RSA_EMSA_PKCS1_SHA2_256 successful.
if the authentication has succeeded. When the authentication fails than usually the following error messeage is issued
no trusted RSA public key found for 'CN=homeagent'