I have attempted several scripts to create a CA and then a client cert p12
bundle. The p12 is then downloaded on an Android device, and it seems to be
hit-and-miss. Some certs work, some certs never work. It stops at the point
where the Android is importing the cert and asks for the password. There's
no way to tell it there's no password, so when I create the client cert I
create it with a password. But on the certs that don't work, the Android
keeps coming back and asking for the password over and over.

Maybe you guys can see what I'm doing wrong?

To create the CA:

openssl req \
    -new \
    -x509 \
    -out ca.crt \
    -keyout ca.key \
    -days 3065

To create the client cert:

openssl req -new -keyout client.key -out client.csr -days 3065

SAN="ipsec.client" openssl x509 -extfile ./x509v3.cnf \
    -extensions x509v3_FQDN -req -in client.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out client.crt

openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
    -name client -out client.p12

If you need the openssl.conf, I can send that along too.
