[Openswan Users] oakley.log for letoto

James james at nttmcl.com
Mon Jun 4 14:22:47 EDT 2007


James wrote:
> Jacco de Leeuw wrote:
>   
>>> oh also on the windows side the built in xp client says
>>> "no valid machine certificate on your computer for security 
>>> authentication"
>>> i used certimport.exe to import the .p12 file
>>> my exact steps are as follows
>>>       
>> http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#Error781
>>
>> Looks like your PKCS#12 file does not contain a private key.
>>
>> Jacco
>>     
> I'm pretty sure my p12 file has a key file in it, but i dunno if windows 
> is reading it or something maybe.
> I had the experience with the linux clients that if the key information 
> wasn't on top in the key file then it wouldn't read the private key.
> so if in the key file it had the cert first then key then the 
> ipsec.secrets would fail. but if i had the key info first then cert 
> after it would be successful.
>
> but as for the p12 file i can do a
> shell> openssl pkcs12 -in client.p12 -out client.pem
> i see the following
> machine certificate
> ca certificate
> private key
>
> so anything else i should check?
oh also when i look at the certificate under the mmc in personal> 
certificate > properties
it notes "you have a private key that corresponds to this certificate"
BUT
it also says "this certificate is not valid because one of the 
certification authorities in the certification path does not appear to 
be allowed to use certificates or this certificate cannot be used as an 
end-entity certificate"

is that normal?
i used a self signed CA on my vpnserver
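
An added example, not part of the original message: a shell check of the two things this thread questions, namely whether a PKCS#12 bundle holds a private key and whether its bundled CA certificate carries basicConstraints CA:TRUE, the attribute that marks a certificate as allowed to act as a CA. It assumes the openssl command-line tool is installed; the CA name, client name, password and the helper names make_p12 and inspect_p12 are constructed for illustration.

```shell
#!/bin/sh
# Added example. The CA, client name and password below are constructed test values.
set -eu

# make_p12 DIR TRUE|FALSE: build a self-signed CA whose basicConstraints is
# CA:TRUE or CA:FALSE, sign a client cert with it, and write DIR/client.p12.
make_p12() {
  d=$1; ca_flag=$2
  cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = Constructed Test CA
[v3]
basicConstraints = critical,CA:$ca_flag
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=client.example" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial 2 -days 1 -out "$d/client.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.pem" \
    -certfile "$d/ca.pem" -passout pass:test -out "$d/client.p12"
}

# inspect_p12 FILE PASSWORD: report private keys, certificates, and the CA flag
# of the bundled CA certificate as "keys=N certs=N ca=TRUE|FALSE|none".
inspect_p12() {
  f=$1; pw=$2
  keys=$(openssl pkcs12 -in "$f" -passin "pass:$pw" -nocerts -nodes 2>/dev/null |
    grep -c 'BEGIN.*PRIVATE KEY' || true)
  certs=$(openssl pkcs12 -in "$f" -passin "pass:$pw" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true)
  ca=$(openssl pkcs12 -in "$f" -passin "pass:$pw" -nokeys -cacerts 2>/dev/null |
    openssl x509 -noout -text 2>/dev/null | grep -oE 'CA:(TRUE|FALSE)' |
    head -n 1 | cut -d: -f2 || true)
  echo "keys=$keys certs=$certs ca=${ca:-none}"
}

# Demo: the same bundle layout with a proper CA and with a CA lacking the CA flag.
for flag in TRUE FALSE; do
  tmp=$(mktemp -d)
  make_p12 "$tmp" "$flag"
  inspect_p12 "$tmp/client.p12" test
  rm -rf "$tmp"
done
```

A bundle that reports keys=0 has no private key to import, and one that reports ca=FALSE or ca=none has a CA certificate without the CA flag set.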

