[Openswan Users] Help with certificates and win2k l2tp to openswan on Fedora Core 4

Don Himelrick dch at fidlar.com
Mon Nov 14 13:30:48 CET 2005


I've been trying to find help on my own with this for days with no
luck...  But how do I troubleshoot certificate problems?  I've followed
Nate Carlson's howto and Jacco's howto to no avail.  I have generated
self-signed certificates/keys and put them in
/etc/ipsec.d/{certs cacerts private crls}/
on my public vpn server (public.mydomain.biz)
and I have exported a .p12 file into win2k (winhost.example.com) using
mmc.  According to /var/log/secure, these four files load when I start
up ipsec.  When I try to connect, Windows gives me an "error 786: No
valid machine certificate...." and when I open the certificate with mmc
it says I have a private key but "windows does not have enough
information to verify this certificate".  Under the "certification path"
tab, it says something like it cannot find a server to verify the
certificate.

Does Windows need to be able to verify the certificate independently of
ipsec?

If so, how do I test my Certificate Authority?

If not, how do I rectify the Certification Path problem?

I am sooo confused, this is much harder than anything else I have ever
done with Linux.  I'm sure there is some fundamental piece of the puzzle
that just isn't clicking with me just yet :(

Thanks for any help,
Don


