[Openswan Users] Leopard IPsec initial test - failed

Alan Whinery whinery at hawaii.edu
Mon Oct 29 15:50:58 EDT 2007

Paul Wouters wrote:
> Did your user do an upgrade or a re-install? Perhaps if this was an upgrade,
> the certificate (or rather root/anchor ca) got copied into leopard?
> Paul
Sort of both...

He succeeded from each of two machines, both of which were upgraded from
Tiger to Leopard.

His notebook had previously had an installation of the personal/CA
certs, and although he upgraded with them in place, he never tried the
VPN until after he had deleted both CA and personal certs and
reinstalled the  new one. This was due to his old personal being about
to expire. He probably didn't need to delete the CA cert and reinstall
the same one, but he did. MacOS has proved very finicky about old (even
expired) certificates remaining in the keychain when a similar cert is
installed alongside it. (Windows, meanwhile, ignores expired certs.)

The home desktop was also installed as Tiger and upgraded to Leopard,
but never had any of our certs installed nor any VPN use, until after
the Leopard upgrade, last night.

Sort of off-purpose, but interesting -- we were exchanging S/MIME email
between his Mac Mail and my Thunderbird using our certs. With Tiger, his
cert was available for S/MIME after being installed into his Keychain
for the VPN purpose, but this has broken since upgrading to Leopard.


More information about the Users mailing list