Re: OpenIKED and Windows 10 Client

Thu, 13 Apr 2017 01:14:33 -0700

As I stated befor I did all the cert installing for the local machine store I will try to create some more certs with diffrent "names" just to see if this makes a diffrence. I might be wrong what the real FQDN is or better what windows believe it should be :) 

regards

Markus

Am 12.04.2017 um 17:21 schrieb Bobby Johnson:

If you're doing pure certificate auth, not eap I think you need both
certs.  They do need to be installed under the local computer account.
Install the CA cert in the trusted root CA store, put the machine cert in
the personal store.  I also think it may be necessary to put the full
asn1_dn of the server and client certs in the src_id and dst_id lines of
the iked config.


On Wed, Apr 12, 2017 at 6:45 AM, Stuart Henderson <s...@spacehopper.org>
wrote:


On 2017-04-12, Markus Rosjat <ros...@ghweb.de> wrote:

Am 12.04.2017 um 11:49 schrieb Martijn van Duren:

On 04/12/17 11:42, Stuart Henderson wrote:

On 2017-04-11, Markus Rosjat <ros...@ghweb.de> wrote:

I think the problem is with the windows site because it tells me there
is no certificate to be found. I added the certificate to local

machine

store -> own certificates (at least in the german UI is no personal

folder)


I think you're adding this cert to the wrong one of the many cert

stores

on Windows. It worked for me in trusted CAs, though there may be a

better

option that also works.


One thing that also bit me was that I had to put them in the system-wide
store and not in the personal store.



well I put the CA certs in the trusted CA Folder and the cert for the
machine in "Eigene Zertifikate" in the local machine store

it seems to be a problem on the windows site thought


You only want the CA certificate, not the machine certificate.




--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227
Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT

Reply via email to