OCSP verification fails in Strongswan (IKEv2)

Tags: ikev2, ipsec, ocsp, strongswan

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. On a third host, I've run an OCSP responder (openssl ocsp -port 80 ...). I can see that the server is able to reach the OCSP responder, send a query and get a reply, but in the end the verification fails.

Here's what the logs say in the server (the IPsec responder):

charon: 01[CFG] checking certificate status of "C=ES, ST=Gipuzkoa, L=Donostia-San Sebastian, O=Tecnalia, CN=client@localhost"
charon: 01[CFG]   requesting ocsp status from 'http://ocsp.localhost' ...
charon: 01[CFG]   using trusted ca certificate "C=ES, ST=Gipuzkoa, L=Donostia-San Sebastian, O=Tecnalia, CN=Tecnalia Root CA"
charon: 01[CFG]   reached self-signed root ca with a path length of 0
charon: 01[CFG]   using trusted certificate "C=ES, ST=Gipuzkoa, L=Donostia-San Sebastian, O=Tecnalia, CN=ocsp.localhost"
charon: 01[CFG]   using certificate "C=ES, ST=Gipuzkoa, L=Donostia-San Sebastian, O=Tecnalia, CN=ocsp.localhost"
charon: 01[CFG] no issuer certificate found for "C=ES, ST=Gipuzkoa, L=Donostia-San Sebastian, O=Tecnalia, CN=ocsp.localhost"
charon: 01[CFG] ocsp response verification failed
charon: 01[CFG] ocsp check failed, fallback to crl

For convenience I've replicated the same certificate files in all the hosts (output trimmed):

/etc/ipsec.d# ls -lR

./cacerts:
total 4
-rw-r--r-- 1 root root 1367 Nov  2 09:53 ca.cert.pem

./certs:
total 8
-rw-r--r-- 1 root root 1432 Nov  2 09:53 client.cert.pem
-rw-r--r-- 1 root root 1700 Nov  2 09:53 localhost.cert.pem

./crls:
total 0

./ocspcerts:
total 4
-rw-r--r-- 1 root root 1379 Nov 10 09:32 ocsp.cert.pem

It is a very simple path where a CA (ca.cert.pem) signs all the certificates – the server certificate (localhost.cert.pem), the client one (client.cert.pem) and the one used by the OCSP responder (ocsp.cert.pem).

This is what I have in the server's ipsec.conf:

ca strongswan-ca
        cacert=ca.cert.pem
        ocspuri=http://ocsp.localhost
        auto=add

I think everything revolves around that nasty "no issuer certificate found" error, but so far I can't tell why that is happening. If I query the OCSP responder with openssl it doesn't give any verification errors.

Best Answer

Well, turns out that this

For convenience I've replicated the same certificate files in all the hosts

and this

If I query the OCSP responder with openssl it doesn't give any verification errors

were, well, false. At some point I messed up my keys and the OCSP cert/key were different in the OCSP server than in the other machines. So @ecdsa is totally right in their comment.

Everything's fine with my posted configuration, and once I regenerated all the keys and certs again, everything worked fine.