Netgate Discussion Forum

    Errors after PSK->Certs: failed to get subjectAltName

    • EmL

      Hi!

      I'd set up an IPsec tunnel between 2 static pfSense endpoints via PSK in main mode, which is working fine. After generating certificates and changing IPsec from PSK to RSA Signature, the tunnel won't come up anymore.

      The logs always show this … racoon: ERROR: failed to get subjectAltName

      In the forum I found this ...

      http://forum.pfsense.org/index.php?topic=5207.0;prev_next=prev

      ... but I'm not sure if this is also my problem, and if it's mine ... what is an asn1dn identifier and why should I need this (why is it not using the CommonNames from the certificates)?

      PS: I'm using the current 1.2-TESTING-SNAPSHOT-07-21-2007 built on Tue Aug 7 05:43:52 EDT 2007 ... before I had 1.2 RC1, which has the same behavior.

      • EmL

        Solved - for those who are interested:

        I made my certs with XCA (a very good open-source CA solution) … and there I defined no Subject Alternative Name inside the certificate ... after I created new certs with IP:123.123.123.123 (same as CN) as an alternative name, all works as it should!

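A pre-deployment check for the condition described in the solved post, as an added example that is not part of the original thread: it builds two constructed self-signed certificates, one with only a CN and one reissued with the IP as a subjectAltName, and tests each for an exact IP entry. The function names are hypothetical, the address is the placeholder from the post, and the openssl CLI (1.1.1 or later) is assumed.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI, 1.1.1 or later (for -addext).

# make_cert DIR NAME CN [SAN]: write a constructed self-signed test cert.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    ${4:+-addext} ${4:+"subjectAltName=$4"} \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# san_entries CERT: print one subjectAltName entry per line (empty if none).
san_entries() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n +2 |
    tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# has_ip_san CERT IP: succeed only on an exact IP entry, so that
# 123.123.123.12 does not match a certificate issued for 123.123.123.123.
has_ip_san() {
  san_entries "$1" | grep -qxF "IP Address:$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
ip=123.123.123.123   # placeholder address used in the post

make_cert "$tmp" no_san "$ip"              # CN only, like the first certs
make_cert "$tmp" with_san "$ip" "IP:$ip"   # reissued with the IP as SAN

for c in no_san with_san; do
  if has_ip_san "$tmp/$c.pem" "$ip"; then
    echo "$c: subjectAltName IP:$ip present"
  else
    echo "$c: no matching subjectAltName"
  fi
done
```

Running `has_ip_san` against each endpoint's real certificate, with the peer address configured for the tunnel, shows before the switch from PSK whether the certificate needs to be reissued.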