Ah! Thank you!

BR,
Andreas

On Wed, 1 Nov 2017 at 20:36, Mike Larkin <[email protected]> wrote:

> On Wed, Nov 01, 2017 at 09:08:08AM +0000, Andreas Thulin wrote:
> > Hi!
> >
> > I’m trying to set up iked on machine A, to create a tunnel between machines
> > A and B. ikectl produces errors when creating a certificate with my ”test”
> > ca, and I have failed to understand why:
> >
> > # ikectl ca test certificate 192.168.1.1 create
> > Generating RSA private key, 2048 bit long modulus
> > ......................................+++
> > ..........+++
> > e is 65537 (0x10001)
> > You are about to be asked to enter information that will be incorporated
> > into your certificate request.
> > What you are about to enter is what is called a Distinguished Name or a DN.
> > There are quite a few fields but you can leave some blank
> > For some fields there will be a default value,
> > If you enter '.', the field will be left blank.
> > -----
> > Country Name (2 letter code) [DE]:
> > State or Province Name (full name) [Lower Saxony]:
> > Locality Name (eg, city) [Hanover]:
> > Organization Name (eg, company) [OpenBSD]:
> > Organizational Unit Name (eg, section) [iked]:
> > Common Name (eg, fully qualified host name) [192.168.1.1]:
> > Email Address [[email protected]]:
> > Using configuration from /etc/ssl/test/192.168.1.1-ssl.cnf
> > Check that the request matches the signature
> > Signature ok
> > The Subject's Distinguished Name is as follows
> > countryName :PRINTABLE:'DE'
> > stateOrProvinceName :ASN.1 12:'Lower Saxony'
> > localityName :ASN.1 12:'Hanover'
> > organizationName :ASN.1 12:'OpenBSD'
> > organizationalUnitName:ASN.1 12:'iked'
> > commonName :ASN.1 12:'192.168.1.1'
> > emailAddress :IA5STRING:'[email protected]'
> > ERROR: adding extensions in section x509v3_IPAddr
> > 2226969360:error:22FFF06D:X509 V3 routines:func(4095):invalid null value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
> > 2226969360:error:22FFF069:X509 V3 routines:func(4095):invalid extension string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=IP:
> > 2226969360:error:22FFF080:X509 V3 routines:func(4095):error in extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName, value=IP:
> > #
> >
> > The machine is i386 running 6.2-stable.
> >
> > I assume I’m doing something wrong, or have missed something in previous
> > steps (I followed the example steps from the ikectl man page). Any tips on
> > where to start digging/understanding/learning/fixing would be highly
> > appreciated.
> >
> > BR, Andreas
>
> Search the archives, there's a diff to fix this from Oct 25 or so, but it
> has not been committed yet.
>
> -ml

