From: Whit Blauvelt (whit_at_transpect.com)
Date: Fri Aug 30 2002 - 22:03:16 CEST
Okay found the place in Sentinel to import the CA root cert, replacing the
one first put there through the PKCS method with an individual cert of the
same identity, and still I get:
> : SPD: Can not determine per-rule trusted CA root set for remote identity
> fqdn(any:0,[0..18]=no2.electrainfo.com). Using only globally trusted
> roots.
What is a "per-rule trusted CA root set"? Please break this down:
What is "per-rule" in this context?
It should already be a "trusted CA" because I've imported the CA's
certificate, right?
What is a "root set"?
How should this be linked to the FQDN?
Is there some switch to allow using "roots" which aren't "globally trusted"?
I can go around and around and follow the formula in the pdf repeatedly -
but I've already done that more than once, and I've a much better chance of
finding what's underspecified in the instructions if I can get a better
sense of what Sentinel is complaining about.
Thanks,
Whit
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Sat Aug 31 2002 - 00:19:53 CEST