[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VPN PGPNet Freeware and Certicates

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: VPN PGPNet Freeware and Certicates
From: Christopher Biggs <chris_(_at_)_stallion_(_dot_)_oz_(_dot_)_au>
Date: 30 Aug 2001 09:26:02 +1000

"SECURITY" <security_(_at_)_eds_(_dot_)_com_(_dot_)_ar> moved upon the face of the 'Net and spake thusly:

> is There any good whitepaper how to or anything else about ISAKMPD and
> PGPNet with Cert´s?

There's <http://www.allard.nu/openbsd/>   (but it talks about shared secrets)

> I search and read the mailing list an i can´t find why my peer´s don´t
> connect.
> 
Examine output of isakmpd -d -DA=99.  

> Seem´s like my cert´s have no public key...

How are you generating the certificates?   Using OpenSSL on BSD as
your CA, or using something else?

What does "openssl x509 -text <your_certificate.crt" show?

Some IPsec clients require extra properties in a certificate that you
won't have if you follow the certificate steps in the FAQ (eg, some
clients (SafeNet?, I can't recall for sure) demand that the CA:true
property be present in the CA certficate).

-- 
| Christopher Biggs --- Stallion Technolgoies  | One of the founding membata,|
| Evil Genius Division, Brisbane, Q, Australia | Society for Creative Pluri. |
| Send mail with "Subject: sendpgpkey" for my PGP public key.  MIME mail OK  |
\_____________________ UNIX -- To Serve And Connect _________________________/

Prev by Date: http://www.allseer.com/dmitryfundraisingparty/
Next by Date: Uh oh, not an ALTQ thread again...
Previous by thread: http://www.allseer.com/dmitryfundraisingparty/
Next by thread: Uh oh, not an ALTQ thread again...
Index(es):
- Date
- Thread

Visit your host, monkey.org