<div>To get confident with ipsec, I followed the configuration examples for estabslishing a secured host to host communication (with x509 pki certs) between two debian servers. That works fine :)</div>
<div> </div>
<div> </div>
<div>Now the real job: </div>
<div>I'm trying to configure a debian server talking ipsec to windows 7 clients.</div>
<div> </div>
<div>Like in the example before, I create CA und client certs, following this instructions:</div>
<div><a href="https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA">https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA</a></div>
<div> </div>
<div>Following "B) Authentication using X.509 User Certificates"</div>
<div><a href="https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig">https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserConfig</a></div>
<div>I also inlcuded "--flag serverAuth --flag ikeIntermediate"</div>
<div> </div>
<div>an error occurred while clicking on the vpn-connect button:</div>
<div>"<span name="subject">A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"</span></div>
<div><span name="subject"></span> </div>
<div>I tried several things to solve it, by recreation of the windows client cert:</div>
<div>- Changing the common name in from "sun" to my actual username. Doesn't work.</div>
<div>- Merging the pubkey and private key to a single pfx file. The import dialog sais, "imported correctly into own certs", but is never shown in the cert manager.</div>
<div> </div>
<div> </div>
<div>Does anybody know how to create client certs, which Windows 7 accepts?</div>
<div> </div>
<div>Best Regards, Johannes</div>