Hi All,
A few months ago I did some tests with version 1.2 of the SSH sentinel
product as a client for freeswan. I was able to get an installation with
FreeSwan as gateway server and 3 laptops to work with the use of x509
certificates. At this moment I have a couple of customers who want this
system in production for a total of 50 laptops. After installing version 1.3
beta 2 (which has many more options) I was not able to import a signed
certificate back into ssh sentinel. Here are the steps I took (following the
online mini-ca-openssl pdf doc) found on ssh.com
1. I created a self-signed certificate with openssl.
2. Installed it with freeswan.
3. Installed ssh sentinel.
4. Enrolled for a certificate (and saved it as PKCS#10) request.req
5. Copied request.req to the server.
6. Signed it with:
    openssl x509 -req -in /tmp/request.req -CA demoCA/cacert.pem -CAkey demoCA/private/cakey.pem -CAcreateserial -days 1500 -out /tmp/joop.cer
   (of course all on 1 line).
7. Typed the password.
8. Copied joop.cer and cacert.bin back to the client machine with ssh-sentinel.
9. Imported the root-ca (works fine).
10. Chose apply (just to be sure).
11. Under my keys->host keys, right click, and choose import. -> joop.cer
12. SSH then tells me: Cannot import file, The file is corrupted or wrong
    format. Acquire a new file or convert it.
13. I converted the file to base64 format (.bin), same problem.
The strange thing is, that this did work with ssh sentinel 1.2 ! (same
laptop, same gateway)
some versions: 0.9.6
freeswan: 1.9.5
ssh-sentinel: 1.3 beta 2
Hope somebody can help me...
(already asked support_at_ssh.com, but no reply from them for 2 weeks now)
kind regards,
Joop Marijne
Penguin Systems
Valkestraat 4
3811 KD Amersfoort
033-445 1310 / 06-2411 2911
jmarijne_at_penguin-systems.nl
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST
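
Added example, not part of the original post: a script that repeats the signing step from the message with a locally generated stand-in request, then checks what a client import depends on: the certificate's encoding (PEM or DER), that it chains to the CA, and that it carries the same public key as the request. File names, subjects and helper functions are constructed for illustration; the real request would come from the client, and this does not reproduce SSH Sentinel's own import checks.

```shell
#!/bin/sh
# Added example; file names, subjects and helper names are constructed.

# cert_encoding FILE: print PEM, DER or unknown.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
       openssl x509 -in "$1" -noout 2>/dev/null; then
        echo PEM
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        echo unknown
    fi
}

# cert_matches_request CERT_PEM REQ_PEM CA_PEM
# Succeeds only if CERT chains to CA and holds the public key from REQ.
cert_matches_request() {
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    req_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$cert_pub" = "$req_pub" ]
}

# build_demo DIR: throwaway CA, a stand-in PKCS#10 request, and the signed
# certificate in both PEM and DER form.
build_demo() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
          -subj "/CN=Demo CA" -keyout cakey.pem -out cacert.pem &&
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=laptop1" -keyout client.key -out request.req &&
      openssl x509 -req -in request.req -CA cacert.pem -CAkey cakey.pem \
          -CAcreateserial -days 30 -out client.pem &&
      openssl x509 -in client.pem -outform DER -out client.der
    ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && build_demo "$demo_dir" && {
    echo "client.pem: $(cert_encoding "$demo_dir/client.pem")"
    echo "client.der: $(cert_encoding "$demo_dir/client.der")"
    if cert_matches_request "$demo_dir/client.pem" \
           "$demo_dir/request.req" "$demo_dir/cacert.pem"; then
        echo "certificate chains to the CA and matches the request key"
    fi
}
rm -rf "$demo_dir"
```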