+ Reply to Thread
Results 1 to 2 of 2
  1. November 13th, 2007 02:05 PM #1
    Vaibhav Agarwal
    Vaibhav Agarwal is offline
    Junior Member Vaibhav Agarwal is on a distinguished road
    Join Date
    Nov 2007
    Posts
    1

    Query regarding DER format certificate & key

    Hi,

    I converted PEMformat certificate & key to DER format using these commands :-
    CA certificate :-
    openssl x509 -in demoCA/cacert.pem -inform PEM -out demoCA/cacert.der -outform DER

    Own certificate: -
    openssl x509 -in tester_cert.pem -inform PEM -out tester_cert.der -outform DER

    Private Key: -
    openssl rsa -in tester_key.pem -inform PEM -out tester_key.der -outform DER

    But now I start negotation using racoon, during negotation it gives error:-

    2007-11-02 16:16:19: DEBUG: filename: /etc/IPSec/certs/tester_cert.der
    2007-11-02 16:16:59: ERROR: failed to get my CERT.
    2007-11-02 16:16:59: ERROR: failed to get own CERT.
    2007-11-02 16:16:59: ERROR: failed get my ID
    2007-11-02 16:16:59: ERROR: failed to process packet.
    2007-11-02 16:16:59: ERROR: phase1 negotiation failed.


    If I use PEM format files it works fine, racoon support DER format key & certificate or not ?
    please any one help me.

    Thanks,
    Vaibhav
    Reply With Quote Reply With Quote
  2. November 13th, 2007 05:37 PM #2
    phishphreek
    phishphreek is offline
    AO übergeek phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek has a reputation beyond repute phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    AFAIK, yes. That error sounds to me like either 1. the cert is not in the /etc/IPSec/certs/ folder or 2. The permissions on the cert are incorrect.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 01:51 PM
  2. Using network sniffing, perl, and sockets to recreate (replay) network connections
    By nebulus200 in forum Other Tutorials Forum
    Replies: 0
    Last Post: August 3rd, 2004, 05:32 PM
  3. Foot Printing with Host
    By SonofGalen in forum The Security Tutorials Forum
    Replies: 7
    Last Post: February 9th, 2004, 10:14 AM
  4. HOW TO: sign a certificate request with OpenSSL
    By thehorse13 in forum The Security Tutorials Forum
    Replies: 0
    Last Post: February 11th, 2003, 01:58 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides