[Openswan Users] Strange Problem with X509 certificates
Rolf Offermanns
roffermanns at sysgo.com
Mon Dec 13 09:25:38 CET 2004
Lists CC wrote:
> I then set up a second gateway, the procedure was the same. The strange
> thing is that I cannot connect: I export the .DER of the CA and import
> it on the Client, I export the PKCS12 certificate and import in the
> client but the connection gives me, server side, an "INVALID ID
> NOTIFICATION". It seems that the Linux IPSEC Gateway does not like the
> ID that the client sends. The configuration is the same as on the first
> machine.
> Where can I look?
What did you specify as ID in your /etc/ipsec.conf?
Can you post the relevant pieces from your log files?
First guess:
If you specify a fully qualified username or an FQDN you
*have to* specify these as "SubjectAlternativeName" in your
certificate. Otherwise Openswan will not accept it.
-Rolf
--
Rolf Offermanns <roffermanns at sysgo.com>
SYSGO AG Tel.: +49-6136-9948-0
Am Pfaffenstein 14 Fax: +49-6136-9948-10
55270 Klein-Winternhein http://www.sysgo.com
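
The rule in the reply above, as an added example that is not part of the original message and not Openswan's own code: a Python check that reads `leftid`/`rightid` from an ipsec.conf fragment and reports whether each `@FQDN` or `user@FQDN` ID has a matching DNS or email entry in that side's subjectAltName. The config, host names and SAN lines are constructed samples, and the SAN line format is assumed to be the one `openssl x509 -noout -text` prints.

```python
import re

# Constructed sample input: an ipsec.conf fragment, plus one subjectAltName
# line per side in the form `openssl x509 -noout -text` prints it.
SAMPLE_CONF = """\
conn roadwarrior
    leftid=@gw.example.com
    right=%any
    rightid=alice@example.com
"""
SAMPLE_SAN = {"left": "DNS:gw.example.com", "right": "DNS:laptop.example.com"}

def parse_san(san_line):
    """Split 'DNS:a, email:b' into {(type, value)}; lowercasing is a simplification."""
    entries = set()
    for item in san_line.split(","):
        kind, sep, value = item.strip().partition(":")
        if sep:
            entries.add((kind.strip().lower(), value.strip().lower()))
    return entries

def required_san(ident):
    """Map an ipsec.conf ID to the SAN entry it needs, or None if the rule does not apply."""
    ident = ident.strip().strip('"')
    if ident.startswith("@") and len(ident) > 1:
        return ("dns", ident[1:].lower())      # @fqdn
    if "@" in ident and "=" not in ident:
        return ("email", ident.lower())        # user@fqdn
    return None                                # DN, IP address, %any: not covered here

def check_ids(conf_text, san_by_side):
    """Return [(conn, key, id, status)] for every leftid/rightid in conf_text."""
    results, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        m = re.match(r"conn\s+(\S+)$", line)
        conn = m.group(1) if m else conn
        m = re.match(r"(left|right)id\s*=\s*(.+)$", line)
        if not m:
            continue
        need = required_san(m.group(2))
        san = parse_san(san_by_side.get(m.group(1), ""))
        status = "not-checked" if need is None else ("ok" if need in san else "missing-san")
        results.append((conn, m.group(1) + "id", m.group(2), status))
    return results

if __name__ == "__main__":
    print(*check_ids(SAMPLE_CONF, SAMPLE_SAN), sep="\n")
```

On the sample, `rightid=alice@example.com` is reported as `missing-san` because the client certificate's SAN line carries only a DNS entry.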