IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] complex cert structure possible in winxp ?

From: Markus Koellner (smshomey_at_gmx.de)
Date: Fri Mar 22 2002 - 20:02:36 CET

Hi again,
[this is not a x.509patch problem but i hope you can give me a hint]

(as you know) my setup in brief:
Freeswan1.94 + X.509Patch0.9.7 as Gateway
WinXP Professional + IPsec Tool V.2.0.1 by Marcus Mueller as Roadwarrior

Is there a possibility to have a certificate structure like this in winxp ?:

          RootCA
         / \
RouterCA ClientCA
     | |
Freeswan WinXP

my ipsec.conf on winxp looks like this:

conn hismkg
         left=%any
         right=217.18.2.123
         rightsubnet=192.168.100.0/24
         rightca="CN=Router CA"
         rekey=300S/20480K
         authmode=MD5
         network=ras
         auto=start
         pfs=yes

Unfortunately, my tests with that were not very successful. When I have a winxp
certificate signed by the ClientCA, Windows complains about not finding the
chain
to authenticate its own certificate.
When I change to rightca="CN=Client CA" Windows authenticates its own
certificate
but can't Freeswan's one.
When I create a certificate for winxp signed by the RouterCA everything
works. Is there
a trick for the above setup ?
Both, leftca="CN=Client CA" and rightca="CN=Router CA" simultaniously doesn't
work, too.

Thanks again
Markus

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:46 CEST