Hi, I solved my problem with the certificates. The reason why the vpn client did not like the certificates was that there where an alternate issuer name and an alternate subject name which both where empty. The alternate subject name should have been the email address. So this would have been fixed by adding an email address to the request. But I can't find the reason why there was an empty alternate issuer name. I removed the lines which add these two parts to the certificate from the openssl.cnf and it worked.
Best regards Udo W�hler Hi, we want to use OpenCA to sign certificates for Cisco VPN clients. The problem is that the VPN client does not want to use the certificates signed by OpenCA. I tried different roles, but it does not help. Other certificates signed by openssl (done with OpenSCEP) works fine. So there is probably a problem with the properties of the certificate. Does anybody have a hint on this? Best regards Udo Woehler Ihr Support Team (bzw. Technical Engineering) -------------------------------------------------------------------------------------- Compu-Shack Electronic GmbH Ringstrasse 56-58 56564 Neuwied Germany Telefon +49/(0) 26 31-9 83-9 88 TeamFax +49/(0) 26 31-9 83-9 89 TeamEmail [EMAIL PROTECTED] ---------- Kennen Sie schon Support-ONLINE ?-------------- Unter www.support.compu-shack.com finden Sie aktuelle Aktionen, Preisinformationen, Referenzen und vieles mehr...! Lernen Sie unser Team kennen und erfahren Sie N�heres �ber den Support Vor-Ort-Service, Workshops und Remote-Management ! ***Brandheiss!!*** Sparen Sie noch bis zum 30.04.2002 bares Geld bei der Online-Buchung eines Backup/Storage- Intensivworkshops! www.support.compu-shack.com/backup ----------------------------------------------------------------------------------- _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
