Re: [Ipsec-tools-devel] ipsec-tools vs cisco client
From: T|Ck <ti...@yn...> - 2005-04-28 20:48:37
Hi,

Can you tell me how I can import a certificate into the Cisco VPN client? Because when I try it, I get the message "Certificate successfully imported.", but I don't see it in the certificates list...

Also, the problem can be with generating the certificates. Here is my procedure:

CA certificate:
  openssl req -new -x509 -nodes -keyout CAkey.pem -out CAcert.pem -config /usr/lib/ssl/openssl.cnf

New certificates:
  openssl req -new -nodes -keyout newkey.pem -out newreq.pem -days 1000 -config /usr/lib/ssl/openssl.cnf

Certificate sign with CA:
  openssl ca -in newreq.pem -out newcert.pem

I use newkey.pem and newcert.pem in the racoon.conf certificate_type section and CAcert.pem in the Cisco VPN client.

And testing is not a problem; I can implement this on 10-20 mobile (notebook) clients as a testing activity for some time, but first it must work...

Pavol

On Thu, 28 Apr 2005, F. Senault wrote:

> Wednesday, April 27, 2005, 10:49:46 PM, you wrote:
>
> > 2005-04-27 22:02:13: DEBUG:
> > 9ae917fc fa37ce58 c0c697e3 fd2fbba5 0b100500 00000000 00000038 0000001c
> > 00000001 01100017 9ae917fc fa37ce58 c0c697e3 fd2fbba5
> > 2005-04-27 22:02:13: DEBUG: receive Information.
> > 2005-04-27 22:02:13: ERROR: ignore information because the message has no
> > hash payload.
>
> This packet is a notify for "INVALID-HASH-INFORMATION".
>
> I think you may have a problem with your certificates. Are you sure
> your client has the certificate of the root CA that signed your
> server's certificate ? If yes, please double-check all your certs.
>
> (BTW, if you want to try the latest CVS version, I made a few days ago
> the modifications needed to interpret that kind of informational
> messages, and log them. Testers wanted !)
>
> Fred
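
The hex dump quoted in this thread can be decoded field by field to see why racoon logged "no hash payload" and which notify the peer sent. This is an added example, not part of the original messages or of ipsec-tools; the field layout follows RFC 2408, and the helper name parse_isakmp is hypothetical.

```python
import struct

# Hex words copied from the racoon DEBUG dump quoted in the message above.
DUMP = """
9ae917fc fa37ce58 c0c697e3 fd2fbba5 0b100500 00000000 00000038 0000001c
00000001 01100017 9ae917fc fa37ce58 c0c697e3 fd2fbba5
"""

PAYLOAD_HASH, PAYLOAD_NOTIFY = 8, 11  # RFC 2408 payload type numbers
# Certificate/authentication-related notify types from RFC 2408, 3.14.1.
NOTIFY_TYPES = {
    19: "INVALID-CERT-ENCODING", 20: "INVALID-CERTIFICATE",
    21: "CERT-TYPE-UNSUPPORTED", 22: "INVALID-CERT-AUTHORITY",
    23: "INVALID-HASH-INFORMATION", 24: "AUTHENTICATION-FAILED",
    25: "INVALID-SIGNATURE",
}

def parse_isakmp(hexdump):
    """Hypothetical helper: decode an ISAKMP header and its payload chain."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    if len(pkt) < 28:
        raise ValueError("shorter than an ISAKMP header")
    (icookie, rcookie, nxt, version, exchange, flags,
     msgid, length) = struct.unpack(">8s8sBBBBII", pkt[:28])
    if length != len(pkt):
        raise ValueError("length field does not match the dump")
    info = {"exchange": exchange, "encrypted": bool(flags & 0x01),
            "msgid": msgid, "payloads": [], "notify": None, "spi": None}
    offset = 28
    while nxt != 0:
        if offset + 4 > len(pkt):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack(">BBH", pkt[offset:offset + 4])
        if plen < 4 or offset + plen > len(pkt):
            raise ValueError("bad payload length")
        if nxt == PAYLOAD_NOTIFY and plen >= 12:
            _doi, _proto, spi_size, ntype = struct.unpack(
                ">IBBH", pkt[offset + 4:offset + 12])
            info["notify"] = NOTIFY_TYPES.get(ntype, "type %d" % ntype)
            info["spi"] = pkt[offset + 12:offset + 12 + spi_size].hex()
        info["payloads"].append(nxt)
        nxt, offset = following, offset + plen
    # racoon's "no hash payload" error: the notify arrived without a HASH.
    info["has_hash"] = PAYLOAD_HASH in info["payloads"]
    return info

if __name__ == "__main__":
    print(parse_isakmp(DUMP))
```

The result shows an unencrypted Informational exchange (type 5) carrying a single Notification payload of type 23, with the two cookies as its SPI and no HASH payload in front of it.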