[strongSwan] v4.4.1 on squeeze w/ ios6: server cert verification fails

Bharath Kumar cbkumar at gmail.com
Wed Jan 2 05:13:54 CET 2013


Not sure if you are using the procedure documented here but it worked
flawlessly for us.
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple).

One thing I was going to ask is to check if you have
  (a) installed the client certificate in PKCS #12 format AND
  (b) installed your CA certificate ADDITIONALLY

The documentation explicitly states that and I'd verified at that time that
these 2 steps are mandatory.

Apologies if you already tried it, but I thought I'd point it out.

FYI, I used 4.6.3 on Ubuntu 11.10 and 5.0.1 on CentOS - both work fine with
the instructions on that link.

Thanks,
Bharath Kumar



On Tue, Jan 1, 2013 at 7:45 PM, Jason <strongswan at lakedaemon.net> wrote:

> All,
>
> I just got strongswan installed on my debian squeeze box this evening.
> Everything seems to be going smoothly (eg I'm behind a nat that
> _actually_ forwards esp packets) until I try to connect.  My iphone
> gives me "Could not validate the server certificate".
>
> I'm using the IPSec configuration (no l2tp) with my own CA.
>
> So, I've tried a bunch of different flavors of "openssl pkcs12 -export
> ..." to generate a .p12 of my ca.  No matter what I do, I get "The
> container "Identity Certificate" must contain only one certificate and
> its private key."
>
> Is apple really that daft as to require the CA's _private_ key?  No, I'm
> probably missing something.  Any pointers?  I think I reached the end of
> both duckduckgo and google...
>
> thx,
>
> Jason.
>
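
As an added example (not taken from either poster or from the strongSwan wiki), the two artifacts named in steps (a) and (b) can be produced with openssl and checked against the "only one certificate and its private key" constraint quoted above. The CA and client subjects, file names and password are constructed placeholders, and the throwaway CA stands in for your own.

```shell
#!/bin/sh
# Added illustration; CA/client names, file names and password are constructed.
# Usage: build_ios_bundle <dir> <password>
build_ios_bundle() {
    d=$1; pw=$2
    # Throwaway CA standing in for your own CA; its private key stays on this host.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$d/caKey.pem" -out "$d/caCert.pem" 2>/dev/null || return 1
    # Client key and certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client.example" \
        -keyout "$d/clientKey.pem" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/caCert.pem" -CAkey "$d/caKey.pem" \
        -CAcreateserial -days 30 -out "$d/clientCert.pem" 2>/dev/null || return 1
    # (a) Identity container: the client certificate and its own key only.
    #     No -certfile option, so the CA certificate is not bundled in.
    openssl pkcs12 -export -inkey "$d/clientKey.pem" -in "$d/clientCert.pem" \
        -name "client.example" -passout "pass:$pw" -out "$d/client.p12" || return 1
    # (b) CA certificate alone, as a separate file to install additionally.
    openssl x509 -in "$d/caCert.pem" -outform DER -out "$d/caCert.cer" || return 1
}

# Number of certificates stored in a PKCS #12 file.
count_p12_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Number of private keys stored in a PKCS #12 file.
count_p12_keys() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY'
}

# Stand-alone run in a scratch directory.
demo_dir=$(mktemp -d)
build_ios_bundle "$demo_dir" "constructed-pass" &&
    echo "certs in client.p12: $(count_p12_certs "$demo_dir/client.p12" constructed-pass)" &&
    echo "keys in client.p12:  $(count_p12_keys "$demo_dir/client.p12" constructed-pass)"
rm -rf "$demo_dir"
```

The CA private key (`caKey.pem`) never enters either output file; only `client.p12` and `caCert.cer` are meant to leave the host.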