[Openswan Users] Problem with OpenSwan and windows mobile 6.0
Jacco de Leeuw
jacco2 at dds.nl
Thu Feb 28 06:42:14 EST 2008
Denis Beltramo wrote:
> for this case i have added at my openssl.cnf this line:
>
> extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
> subjectAltName=IP:172.31.1.192 <http://172.31.1.192>
>
> ignoring informational payload, type INVALID_CERT_AUTHORITY
This error indicates that the Mac client does not find these EKUs
in the certificate that the server sends. Are you sure they have
been added to the server certificate? Check with:
openssl x509 -text -noout -in servercrt.pem
It should list no EKU at all, or:
X509v3 Extended Key Usage:
1.3.6.1.5.5.8.2.2, TLS Web Server Authentication
(The latter is actually the "serverAuth").
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list