[Openswan Users] CA Cert Expired!!
Agent Smith
news8080 at yahoo.com
Mon Nov 14 08:34:40 CET 2005
ya that is true about XP. I looked at the XP
certificates and I see that although the user
certificate is valid, the CA cert is shown as expired
and even when renewed it on the server side, I still
need to touch every client and post new certificates
there.
well I don't see any other way around it. Thanks for
the help though. much appriciated
--- Andreas Steffen <andreas.steffen at strongsec.net>
wrote:
> Agent Smith wrote:
> >
> > Thanks for that, I was able to generate a new
> cacert
> > and it does show up as a valid cert now in the
> 'ipsec
> > auto --listcacerts' output. the tunnels are still
> > broken with same error message.
>
> Which error message?
>
> > any suggestions?
>
> Windows XP might not accept the fact that the
> notBefore date of the
> re-issued CA cert is later than the notBefore date
> of the client certs.
> I don't know if the "openssl req" command accepts a
> "-startdate"
> parameter.
>
> Regards
>
> Andreas
>
>
=======================================================================
> Andreas Steffen e-mail:
> andreas.steffen at strongsec.com
> strongSec GmbH home:
> http://www.strongsec.com
> Alter Zürichweg 20 phone: +41 1 730
> 80 64
> CH-8952 Schlieren (Switzerland) fax: +41 1 730
> 80 65
> ==========================================[strong
> internet security]===
>
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
More information about the Users
mailing list