Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Problem importing certificate into ssh sentinel 1.3 beta 2

From: John A. Sullivan III (John.Sullivan_at_nexusmgmt.com)
Date: Tue Apr 23 2002 - 12:09:18 CEST

Next message: Gerhard Hofmann: "RE: [Users] Error message "only know how to do auth=esp or auth=ah""
Previous message: John A. Sullivan III: "RE: [Users] FreeSwan and WinXP - No ping possible"
In reply to: Joop Marijne: "[Users] Problem importing certificate into ssh sentinel 1.3 beta 2"
Next in thread: Adam Pointon: "Re: [Users] scsi core error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This is strictly a Sentinel issue. For some reason, one gets that error
unless one drags and drops the new certificate directly onto the pending
certificate request. In previous versions, one had to just drop it into
the key area. We had the same problem using SSH's own Certifier CA as
well as OpenCA. Good luck - John

On Mon, 2002-04-22 at 16:03, Joop Marijne wrote:
> Hi All,
>
> A few months ago I did some tests with version 1.2 of the SSH sentinel
> product as a client for freeswan. I was able to get an installation with
> FreeSwan as gateway server and 3 laptops to work with the use of x509
> certificates. At this moment I have a couple of customers who want this
> system in production for in total 50 laptops. After installing version 1.3
> beta 2 (whichs has much more options) I was not able to import a signed
> certificate back into ssh sentinel. Here are the steps I took (following the
> online mini-ca-openssl pdf doc) found on ssh.com
>
> 1. I created a self signed certificate with openssl
> 2. installed it with freeswan
> 3 Installed ssh sentinel
> 4. Enrolled for a certificate (and save it as PKCS#10) request.req
> 5 copy request.req to server
> 6. sign it with:
> openssl x509 -req -in /tmp/request.req -CA demoCA/cacert.pem -CAkey
> demoCA/private/cakey.pem -CAcreateserial -days 1500 -out /tmp/joop.cer
> (off course all on 1 line.
> 7. Type password
> 8. copy joop.cer and cacert.bin back to client machine with ssh-sentinel,
> 9. import root-ca (works fine)
> 10. choose apply (just to be sure)
> 11. under my keys->host keys, right click, and choose import. -> joop.cer
> 12. SSh then tells me :Cannot import file, The file is corrupted or wrong
> format. Acquire a new file or convert it.
> 13. I converted the file to base64 format (.bin) same problem.
>
> The strange thing is, that this did work with ssh sentinel 1.2 ! (same
> laptop, same gateway)
>
> some versions: 0.9.6
> freeswan: 1.9.5
> ssh-sentinel: 1.3 beta 2
>
> Hope somebody can help me...
> (already asked support_at_ssh.com, but no reply from them since 2 weeks now)
>
> kind regards,
>
> Joop Marijne
> Penguin Systems
> Valkestraat 4
> 3811 KD Amersfoort
> 033-445 1310 / 06-2411 2911
> jmarijne_at_penguin-systems.nl
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- John A. Sullivan III Group Technology Director Nexus Management +1 207-985-7880 John.Sullivan_at_nexusmgmt.com

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: Gerhard Hofmann: "RE: [Users] Error message "only know how to do auth=esp or auth=ah""
Previous message: John A. Sullivan III: "RE: [Users] FreeSwan and WinXP - No ping possible"
In reply to: Joop Marijne: "[Users] Problem importing certificate into ssh sentinel 1.3 beta 2"
Next in thread: Adam Pointon: "Re: [Users] scsi core error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST