
Re: [Users] Freeswan (x509) <-> SSH Sentinel Prob

From: Jussi Torhonen (jt_at_ssh.com)
Date: Wed May 29 2002 - 12:34:46 CEST


tom.myny_at_pandora.be wrote:
> Hi,
>
> I checked now the error log on sentinel SSH and it seems that there is an error:

Have you installed your OpenSSL root CA certificate under SSH Sentinel
Key Management -> Trust Policy -> Trusted Certificates -> Certification
Authorities? You must do that.

Verify Common Name of the FreeSWAN host certificate and the OpenSSL root
CA. They must be different. In your case, be sure that you haven't used
hermes.ignl.be as Common Name of both FreeSWAN host and OpenSSL root CA
certificates.

Open Properties of the root CA cert: you must have both options 'Trust
in certification path verification' and 'Accept connections authenticated
with a certificate issued by this CA' selected. Is the root CA cert
valid? Check Details and verify you have there Basic constraints =
'Subject Type=CA'.

Find your client cert under My Keys. Is the Certification path (trust
relationship) ok? Is the client cert valid? Check Details -> Issuer ->
CN; this Common Name is used for your OpenSSL CA and it should be
something different to Common Name of FreeSWAN client certificate.

Troubleshooting IPSec connections is way too nasty at the moment. We
know this and we've plans to improve the user-friendliness of SSH Sentinel
in future releases, so that the end-user should not start reading logfiles
to find answers to very basic things.

Best regards,
Jussi

-- 
______________________________________________________________
Jussi Törhönen, Kuopio R&D unit, e-mail jussi.torhonen_at_ssh.com
SSH Communications Security Corp, http://www.ssh.com
SSH Sentinel VPN Client, http://www.ipsec.com

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
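
The checks listed in the reply above (distinct Common Names, Basic Constraints marking the root as a CA, validity, and a working certification path) can also be run with the openssl command line on PEM files. This is an added example, not part of the original message or of SSH Sentinel; the function names, file names and the "Example Root CA" name used to try it are assumptions, and the sample certificates it builds are constructed.

```shell
#!/bin/sh
# Added example: the certificate checks from the mail, run on PEM files.

# Print the Common Name of a certificate's subject or issuer.
cert_cn() {      # $1 = subject|issuer, $2 = certificate file
    openssl x509 -noout "-$1" -nameopt multiline -in "$2" |
        sed -n 's/^ *commonName *= *//p'
}

# Return 0 only if every check passes; print one line per failed check.
check_pair() {   # $1 = root CA certificate, $2 = host or client certificate
    ca=$1; host=$2; bad=0
    fail() { echo "FAIL: $*"; bad=1; }
    ca_cn=$(cert_cn subject "$ca")
    [ "$ca_cn" != "$(cert_cn subject "$host")" ] ||
        fail "CA and host certificate share the Common Name '$ca_cn'"
    [ "$(cert_cn issuer "$host")" = "$ca_cn" ] ||
        fail "issuer CN of $host is not the CA's Common Name"
    openssl x509 -noout -text -in "$ca" | grep -q 'CA:TRUE' ||
        fail "$ca lacks Basic Constraints CA:TRUE"
    for c in "$ca" "$host"; do
        openssl x509 -noout -checkend 0 -in "$c" >/dev/null ||
            fail "$c has expired"
    done
    openssl verify -CAfile "$ca" "$host" 2>/dev/null | grep -q ': OK$' ||
        fail "certification path from $host to $ca does not verify"
    return $bad
}

# Build a constructed CA and host certificate pair for trying the checks.
make_sample() {  # $1 = directory, $2 = CA Common Name, $3 = host Common Name
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/o.cnf"
    openssl req -x509 -config "$1/o.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -config "$1/o.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/host.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/host.pem" 2>/dev/null
}

# Stand-alone use: sh check.sh ca.pem host.pem
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```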



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:07 CEST