Re: OpenIKED and Windows 10 Client

Thu, 13 Apr 2017 02:10:55 -0700

just to be clear I don't need to install the client cert on the openbsd machine?
And since this is eating up my time I might switch back to ikev1 and isakmpd. At least there I know I get it done 

regards

markus

Am 13.04.2017 um 10:13 schrieb Markus Rosjat:

As I stated befor I did all the cert installing for the local machine
store I will try to create some more certs with diffrent "names" just to
see if this makes a diffrence. I might be wrong what the real FQDN is or
better what windows believe it should be :)

regards

Markus

Am 12.04.2017 um 17:21 schrieb Bobby Johnson:

If you're doing pure certificate auth, not eap I think you need both
certs.  They do need to be installed under the local computer account.
Install the CA cert in the trusted root CA store, put the machine cert in
the personal store.  I also think it may be necessary to put the full
asn1_dn of the server and client certs in the src_id and dst_id lines of
the iked config.


On Wed, Apr 12, 2017 at 6:45 AM, Stuart Henderson <s...@spacehopper.org>
wrote:


On 2017-04-12, Markus Rosjat <ros...@ghweb.de> wrote:

Am 12.04.2017 um 11:49 schrieb Martijn van Duren:

On 04/12/17 11:42, Stuart Henderson wrote:

On 2017-04-11, Markus Rosjat <ros...@ghweb.de> wrote:

I think the problem is with the windows site because it tells me
there
is no certificate to be found. I added the certificate to local

machine

store -> own certificates (at least in the german UI is no personal

folder)


I think you're adding this cert to the wrong one of the many cert

stores

on Windows. It worked for me in trusted CAs, though there may be a

better

option that also works.


One thing that also bit me was that I had to put them in the
system-wide
store and not in the personal store.



well I put the CA certs in the trusted CA Folder and the cert for the
machine in "Eigene Zertifikate" in the local machine store

it seems to be a problem on the windows site thought


You only want the CA certificate, not the machine certificate.






--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227


Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT
























					Reply via email to