Has anyone managed to get this to work?  I have set the FreeBSD box up as per the 
instruction on http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html .  Not sure if the 
server is fully configured yet.  I tried to VPN to the box over the local LAN but get 
the following error from WinXP "Error 798: A certificate could not be found that can 
used with this Extensible Authentication Protocol"  I copied the certificate from the 
FreeBSD box and imported it into the Windows Certificate Store.

Does anyone know what I am doing wrong or how to generate a proper certificate XP will 

The openssl lines didn't work due to path issues from the above link so here are the 
lines I used to generate the certificates:


openssl req -new -x509 -keyout /usr/local/etc/openssl/private/CAkey.pem -out 
/usr/local/etc/openssl/private/CAcert.pem -config /usr/local/etc/openssl/openssl.conf

openssl pkcs12 -export -in /usr/local/etc/openssl/private/CAcert.pem -inkey 
/usr/local/etc/openssl/private/CAkey.pem -nokeys -out CA.p12 


openssl req -new -keyout /usr/local/etc/openssl/server-key-encrypted.pem -out 
/usr/local/etc/openssl/server.pem -days 360 -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/server.pem /usr/local/etc/openssl/server-key-encrypted.pem 
> /usr/local/etc/openssl/server-req.pem

openssl ca -policy policy_match -out /usr/local/etc/openssl/server-signed.pem -config 
/usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/server-req.pem

openssl rsa -in /usr/local/etc/openssl/server-key-encrypted.pem -out 


openssl req -new -keyout /usr/local/etc/openssl/user-key.pem -out 
/usr/local/etc/openssl/user.pem -days 360 -config /usr/local/etc/openssl/openssl.conf

cat /usr/local/etc/openssl/user.pem /usr/local/etc/openssl/user-key.pem > 

openssl ca -policy policy_match -out /usr/local/etc/openssl/user-signed.pem -config 
/usr/local/etc/openssl/openssl.conf -infiles /usr/local/etc/openssl/user-req.pem

openssl pkcs12 -export -in /usr/local/etc/openssl/user-signed.pem -inkey 
/usr/local/etc/openssl/user-key.pem -name "User Name Goes Here" -certfile 
/usr/local/etc/openssl/private/CAcert.pem -out user.p12 

Thanks in advance.

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to