Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client

From: Doug Wilson (dwilson_at_virtc.com)
Date: Sat Mar 16 2002 - 22:58:14 CET

Next message: Russell McOrmond: "[Users] freeswan-1.96+linux-2.4.18: NAT (MASQ) problems."
Previous message: Doug Wilson: "[Users] freeswan says SA established, but softpk keeps retransmitting ISAKMP OAK MM *"
In reply to: Andreas Steffen: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks very much. You are right about softpk needing it's key to be
1024 bit in order to import it.

Andreas Steffen wrote:

>I checked the private key and both the user and CA certificates with openssl
>and could not detect any fault. But I have the strong suspicion that Soft-PK
>does not support 2048 bit private keys. Generate a user certificate with a
>1024 bit private/public key pair and try again. You can keep the CA cert
>since I know from personal experience that 2048 bit RSA signatures are
>supported.
>
>Andreas
>
>Doug Wilson wrote:
>
>>I'm getting the following error message when trying to import openssl
>>PKCS12 x509 certs/private keys into softpk.
>>
>>'Unable to import key from personal certificate file.'
>>
>>This appears to be the same problem Morten Troen wrote about and Andreas
>>Steffen responded to in:
>>
>>http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2001/09/msg00373.html
>>
>>I've tried Andreas Steffen's suggestion of examining the contents of my PKCS12 file with
>>
>>openssl pkcs12 -in test3Cert.p12 -nodes -out test3Cert1.pem
>>
>>and it appears to have all the bags ... host certificate, CA certificate, private key.
>>
>>I'm attaching the test3Cert1.pem file.
>>
>>Does anyone know why softpk would refuse to import test3Cert.p12?
>>
>>P.S.- Thanks to FreeS/WAN and this very helpful list my linux road-warrior can IPSEC! Now I just need to find a way to get my Windows road-warriors up.
>>
>>Thanks very much for any insights.
>>
>>--
>>-----------------------------------------------------------
>>Doug Wilson
>>Project Director - Information Systems
>>Virtual Technology Corporation
>>703-658-7050
>>dwilson_at_virtc.com
>>
>
>======================================================================
>Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
>Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
>CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
>===============================================================[ZHW]==
>_______________________________________________
>Users mailing list
>Users_at_lists.freeswan.org
>http://lists.freeswan.org/mailman/listinfo/users
>
>

-- ----------------------------------------------------------- Doug Wilson Project Director - Information Systems Virtual Technology Corporation 703-658-7050 dwilson_at_virtc.com

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: Russell McOrmond: "[Users] freeswan-1.96+linux-2.4.18: NAT (MASQ) problems."
Previous message: Doug Wilson: "[Users] freeswan says SA established, but softpk keeps retransmitting ISAKMP OAK MM *"
In reply to: Andreas Steffen: "Re: [Users] can't import openssl PKCS12 certificates/private keys with softpk client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:44 CEST