Thanks for responding Mark, All certs are 1024 including the one I generated for the concentrator identity. Did you get yours working?
--- Mark Schoneman <[EMAIL PROTECTED]> wrote: > I've had problems with certificates and Cisco if any > of the keys in the > chain are greater than 2048 This includes the CA > > > > ray v <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 05/12/2005 01:16 AM > Please respond to > openssl-users@openssl.org > > > To > openssl-users@openssl.org > cc > > Subject > Cisco concentrator not accept certificate from > openssl > > > > > > > Hi All, Hi Steve! > > > Does anyone have documentation on how to get a > concentrator to accept certificate signed by > openssl? > > Cisco VPN 3030 4.x > > > On the concentrator I have install both my Root CA > certificate and the Sub CA I used to sign request > for > internal devices. Next I generate a manual request > from the certificate manager, copy that over to > where > it will be sign. Check to make sure its valid using > openssl req -in my.req. > > Sign the request and make the certificate using the > Sub CA. I think do openssl x509 -in my.cert -text > -noout -purpose to make sure its valid and that the > purpose has been set correctly. > > Next I copy the my.cert file over to a machine I > access the certificate manager on the concentrator. > I > select install from the request pending windows and > choose cut & paste as my option to copy the > certificate. > > The concentrator spits out the following error > > " An error has occurred while attempting to perform > the operation. > > Error installing identity certificate: Incomplete > chain. " > > This leads me to believe I've done something wrong > with the chain. I have gone back to verify that the > root CA and sub CA certificates are correct and > that > the right sub CA sign the certificate request. > Further > I've verify that the sub CA certificate > configuration > on the concentrator is set to accept certificate > sign > by itself. > > Has anyone any idea what I'm doing wrong?? > > As always I appreciate any help and special thanks > to > Dr. Steve who seems tireless in his efforts on this > list! > > > > > > > > > > > > > Yahoo! Mail > Stay connected, organized, and protected. Take the > tour: > http://tour.mail.yahoo.com/mailtour.html > > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > [EMAIL PROTECTED] > > > This e-mail, including attachments, may include > confidential and/or > proprietary information, and may be used only by the > person or entity to > which it is addressed. If the reader of this e-mail > is not the intended > recipient or his or her authorized agent, the reader > is hereby notified > that any dissemination, distribution or copying of > this e-mail is > prohibited. If you have received this e-mail in > error, please notify the > sender by replying to this message and delete this > e-mail immediately. > > Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
