{"id":110,"date":"2009-03-19T09:32:12","date_gmt":"2009-03-19T07:32:12","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=110"},"modified":"2009-03-19T09:32:12","modified_gmt":"2009-03-19T07:32:12","slug":"probleme-linux-certificat-non-reconnu","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=110","title":{"rendered":"Probl\u00e8me Linux : certificat non reconnu"},"content":{"rendered":"<p>Un certificat non reconnu provoque est visible dans les logs du serveur <code>\/var\/log\/auth.log<\/code><br \/>\nApr\u00e8s la s\u00e9quence de n\u00e9gociation correcte :<br \/>\n<small><code>Mar 18 13:24:54 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: responding to Main Mode from unknown peer 172.21.7.202<br \/>\nMar 18 13:24:54 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br \/>\nMar 18 13:24:54 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: STATE_MAIN_R1: sent MR1, expecting MI2<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02\/03: no NAT detected<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: STATE_MAIN_R2: sent MR2, expecting MI3<\/code><\/small><\/p>\n<p>Et l&rsquo;erreur proprement dite :<br \/>\n<small><code>Mar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, ST=Franche-Comte, O=UFC, OU=CRI, CN=choucroute, E=vpn-master@univ-fcomte.fr'<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: no crl from issuer \"C=FR, ST=Franche-Comte, L=Besancon, O=UFC, OU=CRI, CN=CAvpn, E=vpn-master@univ-fcomte.fr\" found (strict=no)<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: no suitable connection for peer 'C=FR, ST=Franche-Comte, O=UFC, OU=CRI, CN=choucroute, E=vpn-master@univ-fcomte.fr'<br \/>\nMar 18 13:24:55 debian pluto[6621]: \"vpn-l2tp-XP\"[1] 172.21.7.202 #1: sending encrypted notification INVALID_ID_INFORMATION to 172.21.7.202:500<\/code><\/small><br \/>\nL&rsquo;interpr\u00e9tation de l&rsquo;erreur est assez simple puisque nous voyons que le certificat de choucroute contient <code>OU=CRI<\/code> ce qui n&rsquo;est pas une valeur attendu (<code>LINUX, XP, MACOS<\/code>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Un certificat non reconnu provoque est visible dans les logs du serveur \/var\/log\/auth.log Apr\u00e8s la s\u00e9quence de n\u00e9gociation correcte : Mar 18 13:24:54 debian pluto[6621]: \u00ab\u00a0vpn-l2tp-XP\u00a0\u00bb[1] 172.21.7.202 #1: responding to Main Mode from unknown peer 172.21.7.202 Mar 18 13:24:54 debian pluto[6621]: \u00ab\u00a0vpn-l2tp-XP\u00a0\u00bb[1] 172.21.7.202 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Mar 18 13:24:54 debian [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[42,6,62],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-informations-utilisateurs","tag-certificat","tag-linux","tag-probleme"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=110"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/110\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}