[strongSwan] v4.4.1 on squeeze w/ ios6: server cert verification fails

Jason strongswan at lakedaemon.net
Wed Jan 2 13:55:05 CET 2013


Bharath,

On Tue, Jan 01, 2013 at 08:13:54PM -0800, Bharath Kumar wrote:
> On Tue, Jan 1, 2013 at 7:45 PM, Jason <strongswan at lakedaemon.net> wrote:
> > I just got strongswan installed on my debian squeeze box this evening.
> > Everything seems to be going smoothly (e.g. I'm behind a nat that
> > _actually_ forwards esp packets) until I try to connect.  My iphone
> > gives me "Could not validate the server certificate".
> >
> > I'm using the IPSec configuration (no l2tp) with my own CA.
> >
> > So, I've tried a bunch of different flavors of "openssl pkcs12 -export
> > ..." to generate a .p12 of my ca.  No matter what I do, I get "The
> > container "Identity Certificate" must contain only one certificate and
> > its private key."
> >
> > Is apple really that daft as to require the CA's _private_ key?  No, I'm
> > probably missing something.  Any pointers?  I think I reached the end of
> > both duckduckgo and google...
> >
> Not sure if you are using the procedure documented here but it worked
> flawlessly for us.
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple).

Yes, these are the exact instructions I followed.

> One thing I was going to ask is to check if you have
>   (a) installed the client certificate in PKCS #12 format  AND

Did that, including key.

>   (b) Installed your CA certificate ADDITIONALLY

What format was your CA certificate?  pkcs12?  What exact command did
you use to convert it?

thx,

Jason.