[Openswan Users] problem connecting: INVALID_CERTIFICATE

Jacco de Leeuw jacco2 at dds.nl
Fri Dec 16 23:34:35 CET 2005

aram price wrote:

>     ignoring informational payload, type INVALID_CERTIFICATE
> conn l2tp-b-cert
>         authby=rsasig
>         leftcert=vpnserver.foo.com.pem 

If you are using Mac OS X, you also need leftid=@vpnserver.example.com
and the certificate should contain subjectAltName=DNS:vpnserver.example.com

Paul Wouters wrote:

> Are you using certificates on OSX? How did you configure those for X.509?

Perhaps he checked out my webpage:
(You'll love that import script! :-)

> I would try Windows first, X.509 on OSX is still very much untested and
> under strange restrains. I hope it will be better when 10.4.4 comes
> out in the next week.

Huh? You got inside information on that? I don't get the impression there
is much going on over there in Cupertino. The upcoming Openswan 2.4.5
on the other hand will be much more important because it contains updated
support for Mac clients.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
                     Mosquitos suck

More information about the Users mailing list