[Openswan Users] more fun with macs
Bob Miller
bob at computerisms.ca
Tue Apr 20 02:42:12 EDT 2010
Hello List,
For whatever reason, it seems Mac OS, openswan and me do not get along
too well...
I have a 10.5.8 mac client. I have openswan 2.6.25 compiled from source
on a Debian build.
I have created a self-signed CA, created a cert for the firewall, and
two certs for macs (one of which I am working on now). I have created
the firewall's cert with the subjectAltName as is described on Jacco's
and others' pages. At least when I use
`openssl x509 -text -in cerfile.pem` I have a line that reads:
X509v3 Subject Alternative Name:
with DNS:fqdn.server.name, which is the same as the CN of the Subject.
However, when I do debugging on the mac, I see this:
ERROR: failed to get subjectAltName
DEBUG: Discarding CERT: does not match ID
So I added a leftid= line to my ipsec.conf, but that gave me a "no
connection known for" error. I also verified there are no EKUs in my
certs.
Other than that there is no error in the server logs.
Am I misinterpreting something, or leaving something out, that might
make this happen?
Bob Miller
334-7117/633-3760
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions