On 21 Jun 2002, Mike Hicks wrote:
> I followed the instructions you have there, but it seems that the
> certificates I've generated and signed don't get recognized as being
> signed (I get the error "Issuer CA certificate not found" from pluto).
>
> I have my CA cert in /etc/ipsec.d/cacerts (in both PEM and DER format,
> just for grins), and it does show up when I do `ipsec auto
> --listcacerts'. I can still connect if I have a copy of the remote
> certificate in /etc/ipsec.d and make reference to it in
> /etc/ipsec.conf
>
> I suppose it might just be a bug in the version of FreeS/WAN that I
> have, though..

Hmmm.. very odd. Does it error out when trying to load the CA
certificate? You should see a message like:

Jun 21 06:35:16 precept Pluto[425]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 21 06:35:16 precept Pluto[425]: loaded cacert file 'RootCA.der' (1286 bytes)
Jun 21 06:35:16 precept Pluto[425]: Changing to directory '/etc/ipsec.d/crls'
Jun 21 06:35:16 precept Pluto[425]: loaded crl file 'crl.pem' (743 bytes)

on starting FreeS/WAN.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                  | Fax   : (952)943-8500
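
Added example, not part of the original message and not FreeS/WAN code: a small shell filter that reads pluto startup lines in the format quoted above and reports which CA certificates and CRLs were actually loaded, so a missing "loaded cacert file" line is easy to spot. The function names are hypothetical and the sample input is the four log lines from the reply.

```shell
#!/bin/sh
# Summarise which CA certificates and CRLs pluto reports loading at startup.
# Assumes the syslog line format shown in the message above.

# Constructed sample input: the four startup lines quoted in the reply.
sample_log() {
cat <<'EOF'
Jun 21 06:35:16 precept Pluto[425]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 21 06:35:16 precept Pluto[425]: loaded cacert file 'RootCA.der' (1286 bytes)
Jun 21 06:35:16 precept Pluto[425]: Changing to directory '/etc/ipsec.d/crls'
Jun 21 06:35:16 precept Pluto[425]: loaded crl file 'crl.pem' (743 bytes)
EOF
}

# Reads syslog lines on stdin and prints one line per loaded file:
#   <kind> <directory>/<file> <size in bytes>
# Fields are split on single quotes, so $2 is the quoted path or file name.
pluto_loaded_files() {
  awk -F"'" '
    /Pluto\[[0-9]+\]: Changing to directory / { dir = $2; next }
    /Pluto\[[0-9]+\]: loaded (cacert|crl) file / {
      kind = ($1 ~ /loaded cacert file/) ? "cacert" : "crl"
      bytes = $3
      gsub(/[^0-9]/, "", bytes)   # " (1286 bytes)" -> "1286"
      print kind, dir "/" $2, bytes
    }'
}

# Exit status 0 if the log on stdin shows at least one CA certificate loaded,
# 1 otherwise (the case worth investigating before blaming the peer cert).
pluto_has_cacert() {
  pluto_loaded_files | grep -q '^cacert '
}

# Stand-alone run: show the summary for the sample lines.
sample_log | pluto_loaded_files
```

On a live system the same functions can be fed from the syslog file that receives pluto's messages instead of sample_log.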