[strongSwan] user certificate could not be found via windows 7 vpn connect

jotpe jotpe.osm at gmail.com
Fri Aug 22 17:12:12 CEST 2014

To get confident with ipsec, I followed the configuration examples for
estabslishing a secured host to host communication (with x509 pki certs)
between two debian servers. That works fine :)

Now the real job:
I'm trying to configure a debian server talking ipsec to windows 7 clients.

Like in the example before, I create CA und client certs, following this

Following "B) Authentication using X.509 User Certificates"
I also inlcuded "--flag serverAuth --flag ikeIntermediate"

an error occurred while clicking on the vpn-connect button:
"A certificate could not be found that can be used with this Extensible
Authentication Protocol. (Error 798)"

I tried several things to solve it, by recreation of the windows client
- Changing the common name in from "sun" to my actual username. Doesn't
- Merging the pubkey and private key to a single pfx file. The import
dialog sais, "imported correctly into own certs", but is never shown in the
cert manager.

Does anybody know how to create client certs, which Windows 7 accepts?

Best Regards, Johannes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140822/1028cf8b/attachment.html>

More information about the Users mailing list