Problem with X.509 certificate with IPSec

From:	"David Yerger" <dyerger at stcservices dot com>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Problem with X.509 certificate with IPSec
Date:	Wed, 2 Sep 2009 16:10:42 -0400

I verified that the private key matches the certificate:

[root@indium certs]# openssl x509 -noout -modulus -in soekris.pem |
openssl md5 0c52c864d1a57fb2e0fb92f26d582e8b
[root@indium certs]# openssl rsa -noout -modulus -in
soekris.decrypted.key | openssl md5
0c52c864d1a57fb2e0fb92f26d582e8b

But when I load them into the IPSec config, I get no tunnel.  This is
what's logged:

Sep 2 19:16:18 	racoon: WARNING: No ID match.
Sep 2 19:16:18 	racoon: ERROR: 256:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not
01:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_
pk1.c:100: 256:error:04067072:rsa
routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/
rsa_eay.c:625:
Sep 2 19:16:18 	racoon: ERROR: Invalid SIG.

I'm on m0n0wall, Version	1.3b18
Platform 	Soekris net4801

Thanks in advance!

David Yerger