[Openswan Users] MacOS
Jacco de Leeuw
jacco2 at dds.nl
Sat Aug 4 19:50:06 EDT 2007
Alexandre Ghisoli wrote:
> I've a OpenSWAN server, working with RoadWarriors clients running on
> Windows and MacOS using X.509 certificates.
>
> Now, for new machines, we getting troubles to make it working, getting
> certificates errors.
I haven't tested yet with Mac OS X 10.4.10. Are your new machines running
10.4.10? What the difference between 'new' machines and 'old' machines?
> So it's probably related to a Apple patch arround OpenSSL since arround
> MacOS 1.4.6.
I'm fairly sure I have tested with 10.4.6. Are your certificates generated
with OpenSSL on a Mac?
> pluto[15126]: "win-rw"[8] 62.167.44.237 #41: ignoring informational
> payload, type INVALID_CERT_AUTHORITY
>
> As I can understand, the Mac say that my CA is not valid, but I've the
> cert in keychain, X509Anchors and defined to be valid for all usages.
Is the server picking the correct certificate? I would recommend using
rightca=%same
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list