[Openswan Users] problem connecting: INVALID_CERTIFICATE
aram price
me at aramprice.com
Fri Dec 16 15:02:18 CET 2005
On 16 Dec, 2005, at 14:34 , Jacco de Leeuw wrote:
>> ignoring informational payload, type INVALID_CERTIFICATE
>> conn l2tp-b-cert
>> authby=rsasig
>> leftcert=vpnserver.foo.com.pem
>
> If you are using Mac OS X, you also need leftid=@vpnserver.example.com
> and the certificate should contain
> subjectAltName=DNS:vpnserver.example.com
I've noticed this on your panther (time to update that to read
tiger? :-) FAQ.
Is there a handy way to modify openssl.cnf so that this will be
prompted for interactively, or does one have to add this to the
config of each machine doing:
./CA.sh -newreq
I ask because I've often just created the requests on the CA machine,
which probably shouldn't have subjectAltName set to be something other
than its own DNS value.
Do you think that the lack of subjectAltName is causing the
INVALID_CERTIFICATE error?
> Perhaps he checked out my webpage:
> http://www.jacco2.dds.nl/networking/freeswan-panther.html#Certs
> (You'll love that import script! :-)
I've been using the info here - very handy, thanks!
>> I would try Windows first, X.509 on OSX is still very much untested
>> and under strange restraints. I hope it will be better when 10.4.4
>> comes out in the next week.
>
> Huh? You got inside information on that? I don't get the impression
> there is much going on over there in Cupertino. The upcoming
> Openswan 2.4.5 on the other hand will be much more important because
> it contains updated support for Mac clients.
I was curious about this as well.
I'll be happy when both are out, xp clients are my main concern but
I'll be glad to use the VPN myself.
aram
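
Added example (not part of the original message or of Openswan's own tooling): one way to supply subjectAltName per request through an environment variable in an OpenSSL request config, and to check that the request's DNS name matches the leftid quoted above. The variable CERT_FQDN, the file names and both function names are assumptions.

```shell
#!/bin/sh
# Added example. CERT_FQDN, req.cnf, key.pem, req.pem and both function
# names are assumptions, not taken from the thread.

# make_csr <fqdn> <dir>: write a key and a CSR whose CN and DNS
# subjectAltName are both <fqdn>, read from the environment per request.
make_csr() {
    fqdn=$1; dir=$2
    cat > "$dir/req.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = ${ENV::CERT_FQDN}

[ v3_req ]
subjectAltName = DNS:${ENV::CERT_FQDN}
EOF
    CERT_FQDN=$fqdn openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null
}

# csr_san_matches <csr> <leftid>: succeed only if the CSR carries a DNS
# subjectAltName equal to the leftid with its leading "@" removed.
csr_san_matches() {
    req=$1; want=${2#@}
    openssl req -in "$req" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qxF "DNS:$want"
}

# Demo with the hostname used in the thread.
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    make_csr vpnserver.example.com "$tmp" &&
        csr_san_matches "$tmp/req.pem" "@vpnserver.example.com" &&
        echo "subjectAltName matches leftid"
    rm -rf "$tmp"
fi
```

When the request is signed with `openssl ca` (which CA.sh wraps), the subjectAltName only reaches the certificate if the CA section of openssl.cnf sets `copy_extensions = copy`; by default request extensions are ignored.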