openssl x509 -in [filename] -noout -text -inform PEM -Kyle H
On Tue, Aug 26, 2008 at 8:44 AM, Chris Zimmerman <[EMAIL PROTECTED]> wrote: > That command seems to have a syntax problem, showing: "unknown option > [cert.pem-inserted my cert here]" > > > > On Mon, Aug 25, 2008 at 10:55 PM, Tim Hudson <[EMAIL PROTECTED]> wrote: >> Chris Zimmerman wrote: >>> >>> I am working to setup a Watchguard firewall with x509 certs for VPN >>> tunnels. I have created my own CA on my laptop and I have created a >>> CSR on the Watchguard product. I have then signed the CSR with my CA >>> certificate successfully which then imports into the Watchguard. >>> Here's the problem: Watchguard requires that the cert be typed as >>> "Web" or "IPSec" if it is to be used for VPN tunnels. Everytime I >>> import my signed cert it shows up as a CA Cert type. I know this is >>> an interop question, but has any got an idea of what to try to get >>> this working? I've been at this for days now with no success. >> >> Look a the various settings for basic constraints, key usage and extended >> key usage as controlled in openssl.cnf ... basically you need to set them to >> match what Watchguard wants. >> >> Perhaps you have the v3_ca stuff set. >> >> The output of >> openssl x509 -text -noout cert.pem >> will let me see what you have set in the way of those extensions. >> >> If you have a working certificate and a non-working one then comparing the >> text output should help show what the requirements are. >> >> Tim. >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
