On 10 nov 2005, at 16.05, Heinrich Rebehn wrote:

isakmpd keeps reporting:

rsa_sig_decode_hash: RSA_public_decrypt () failed
dropped message from 134.102.176.91 port 500 due to notification type
INVALID_ID_INFORMATION

The other clients are still working fine. I have been double checking
the config files (which I did not change) and created new certificates
more than once, but cannot find anything.

My question:

What requirements must be met so that the certificate can be decrypted?
Which public key is used? Is it sent along with the certificate?

The public key from the certificate, yes. (That's what a certificate *is*, btw, a name (identity) tied to a public key.) The above message is usually seen when the private and public keys don't match. I.e. it looks like the other node's private key does not match the public key in its certificate.

Another possibility is that the CA-cert isakmpd is configured with does not validate the certificate the other node sends, i.e. isakmpd (or more precisely the OpenSSL parts of it) does not trust the certificate's public key.

/H
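
The two causes named in the reply above (a private key that does not belong to the certificate, and a CA certificate that does not validate it) can both be checked offline with the OpenSSL command line. This is an added example, not part of the original thread; the function names, file names and the throwaway CAs and host certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate below is constructed test data.

# Exit 0 if the private key ($2) belongs to the public key in the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the certificate ($2) validates against the CA certificate ($1).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build a throwaway fixture in directory $1: two unrelated CAs ("ca" and
# "other-ca") and one host certificate issued by "ca".
make_fixture() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    for ca in ca other-ca; do
        openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca" -keyout "$d/$ca.key" -out "$d/$ca.crt" \
            2>/dev/null || return 1
    done
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=peer.example.org" -keyout "$d/host.key" -out "$d/host.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/host.crt" 2>/dev/null
}

# Report both checks for one (CA cert, peer cert, peer key) triple.
diagnose() {
    if key_matches_cert "$2" "$3"; then echo "key/cert: match"; else echo "key/cert: MISMATCH"; fi
    if cert_chains_to_ca "$1" "$2"; then echo "CA trust: ok"; else echo "CA trust: NOT TRUSTED"; fi
}

dir=$(mktemp -d) && make_fixture "$dir" && {
    # Healthy peer: its own key, and the CA that issued its certificate.
    diagnose "$dir/ca.crt" "$dir/host.crt" "$dir/host.key"
    # Both failure causes at once: unrelated key and unrelated CA.
    diagnose "$dir/other-ca.crt" "$dir/host.crt" "$dir/other-ca.key"
}
rm -rf "$dir"
```

On a real pair of nodes, run the key check on the peer that presents the certificate and the CA check with the CA certificate the responder is configured to trust.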
