[strongSwan] Apple cisco connect issue
Hafeez Rehman
hafeezr at hotmail.com
Fri Jun 10 06:20:34 CEST 2011
Lars,
I went ahead and recreated the certificates based on your recommendations; altNames and flags are set correctly. Still the same error.
Then I upgraded to 4.5.1. It starts up fine on rc4, but it is the exact same issue.
Any other advice?
Thanks for all the help.
Hafeez
> Date: Thu, 9 Jun 2011 18:41:33 -0400
> From: lars at hjersted.com
> To: hafeezr at hotmail.com
> CC: users at lists.strongswan.org
> Subject: RE: [strongSwan] Apple cisco connect issue
>
>
> > Lars,
> >
> > Error on iPhone is "Could not validate the server certificate"
> >
> > I have made sure the domain name in the server field matches the domain in the server certificate it is connecting to.
> >
> > So what else can I do? I really don't want to touch the router to upgrade to rc5. It is very stable as it is.
> >
> > I tried to compile 4.5 for rc4; no luck there either.
> >
> > Thanks,
> > Hafeez
> >
>
> Hafeez,
>
> I do not think you need to upgrade strongSwan for this to work, however it
> is possible that the strongSwan 4.5.1 packages from RC5 will work on RC4.
>
> On my server certificate I have the domain name as the subjectAltName and
> I also have the "serverAuth" extendedKeyUsage flag set. Here is an example
> using the strongSwan PKI tool:
>
> ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem \
> --dn "C=MY, O=My Organization, CN=server" --san myvpn.mydomain.com --flag serverAuth \
> --outform pem > serverCert.pem
>
> You can verify your server certificate with:
>
> ipsec pki --print -i /etc/ipsec.d/certs/serverCert.pem
> ...
> altNames: myvpn.mydomain.com
> flags: serverAuth
> ...
>
>
> -Lars
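
Added example, not part of the original posts: a shell function that reads `ipsec pki --print` output and checks the two properties named in the reply above, the hostname under altNames and the serverAuth flag. The function name, the sample output and the assumed layout (comma-separated altNames, space-separated flags) are illustrative assumptions.

```shell
# check_server_cert HOSTNAME
# Reads `ipsec pki --print` output on stdin. Returns 0 only if HOSTNAME is
# listed under altNames and the serverAuth flag is set.
# Assumed layout: altNames comma-separated, flags space-separated.
check_server_cert() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*altNames:/ {
            sub(/^[ \t]*altNames:/, "")
            n = split($0, names, ",")
            for (i = 1; i <= n; i++)      # DNS names compare case-insensitively
                if (tolower(trim(names[i])) == tolower(want)) san = 1
            next
        }
        /^[ \t]*flags:/ {
            sub(/^[ \t]*flags:/, "")
            n = split(trim($0), flags, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (flags[i] == "serverAuth") eku = 1
            next
        }
        END {
            if (!san) print "FAIL: altNames does not contain " want
            if (!eku) print "FAIL: serverAuth flag is not set"
            if (san && eku) print "OK: " want " in altNames, serverAuth set"
            exit !(san && eku)
        }'
}

# Constructed sample output, not taken from a real certificate.
sample_good() {
    printf '%s\n' '  subject:   "C=MY, O=My Organization, CN=server"' \
                  '  altNames:  myvpn.mydomain.com' \
                  '  flags:     serverAuth'
}
# Constructed: hostname only in the CN, no altNames or flags lines.
sample_bad() {
    printf '%s\n' '  subject:   "C=MY, O=My Organization, CN=myvpn.mydomain.com"'
}

sample_good | check_server_cert myvpn.mydomain.com
sample_bad  | check_server_cert myvpn.mydomain.com || true
# Real use:
#   ipsec pki --print -i /etc/ipsec.d/certs/serverCert.pem | check_server_cert myvpn.mydomain.com
```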