[Openswan Users] Re: MacOSX 10.4.2: same problems woth NAT-T
Jacco de Leeuw
jacco2 at dds.nl
Wed Jul 13 23:41:40 CEST 2005
Alan Whinery wrote:
> I've been playing with this off and on over the last month. One slight,
> discouraging revelation was that if you enable the root account and log
> into the gui as root (if I remember correctly), then you can import the
> X.509 certificate with the Apple keyring app, then the CA cert (I am
> using a local CA), which gets you past the initial "no machine
> certificate" stuff.
I read a message on one of the Mac forums that confirm this. Looks like
we are making progress!
> The milestone (stumbling block?) I'm currently sitting on on the Mac
> 10.4.2 side is:
> Jun 14 09:21:56 bender pluto[1744]: "roadwarrior-l2tp"[380] 128.171.6.56
> #1287: ignoring informational payload, type INVALID_CERTIFICATE
>
> Wherein the mac appears to be complaining about the server's
> certificate. None of the many Windows clients complain about that
> certificate -- Macs are too whiny.
Wait, perhaps I can chip in here:
http://lists.openswan.org/pipermail/users/2005-July/005651.html
Did your certificates contain these special EKUs (properties)?
Apple may actually be right on this one.
> I'm doing a talk on this next week in Vancouver, I'm kind of giving up
> on getting rid of the word "probably" from the Mac slide...
Perhaps it's worth one final try?
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list