Slightly less Random Ramblings

December 4, 2011

Curious Key Corruption

Filed under: Uncategorized — Tags: , , , , , , , — Robert Wicks @ 12:02 pm

I used the easy-rsa script to generate some new server certs recently, and found that my strongswan install on OpenWRT could not load the RSA key. This despite the fact that the same key works fine in OpenVPN on the same server. The interesting thing is that when I use the build-key-pkcs12 script instead of the build-key-server script, and then use openssl on the router to extract the cert and key, the key works. it is also a different size. The key kept coming up as 1704 bytes when using the server script, but 1669 bytes with the pkcs12 script. Since the pkcs12 script works, I suggest using it always. It generates the key and crt files any way, even though the extracted key file was a different size than the generated one with the same set of files. There must be a bug somewhere.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: