[Openswan Users] Problem with OpenSwan and windows mobile 6.0

Jacco de Leeuw jacco2 at dds.nl
Thu Feb 28 06:42:14 EST 2008


Denis Beltramo wrote:

> for this case i have added at my openssl.cnf this line:
> 
> extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
> subjectAltName=IP:172.31.1.192 <http://172.31.1.192>
> 
> ignoring informational payload, type INVALID_CERT_AUTHORITY

This error indicates that the Mac client does not find these EKUs
in the certificate that the server sends. Are you sure they have
been added to the server certificate?  Check with:

openssl x509 -text -noout -in servercrt.pem

It should list no EKU at all, or:

  X509v3 Extended Key Usage:
    1.3.6.1.5.5.8.2.2, TLS Web Server Authentication

(The latter is actually the "serverAuth").

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list