Has anyone had any experience using OpenCA with Netscreen products?

I'm trying to use OpenCA to issue certificates to Netscreen Remote (which
is in fact an OEM version of SafeNet SoftRemote) and to a Netscreen 500
'security appliance'.

First, I've had to remove the 'subjectAltName=${ENV::subjectAltName}' from
the VPN role configuration, otherwise the certificate cannot be issued. I
assume this is because the Netscreen software doesn't require an email
address in the request (and there's nowhere to put it). The same is also
true of the web server role (the Netscreen 500 uses SSL for management).

Netscreen Remote's SCEP client will not talk to the SCEP implementation in
OpenCA. It'll get the CA certificate no bother, but will not make
requests; the format of the reply is wrong.

Once I've enrolled certificates successfully, the Netscreen Remote client
attempts to establish the VPN - the NS500 accepts the certificate and
sends back a response - the Netscreen Remote software rejects this with
the message:-

 Certificate doesn't match Phase 1 ID. Certificate data used.
 Cannot match Phase 1 ID with Policy Entry: Certificate ID DOMAIN=

Has anyone got any experience with these platforms?

Regards,

Jonathan



!---------------------------------------------------------------------------
= Jonathan Nicholson - Team Leader : System Support "Special Projects"       =
= The Sanger Centre, Wellcome Trust Genome Campus, Hinxton, Cambs, CB10 1SA  =
= Email: [EMAIL PROTECTED] -=- Tel: 01223 834244 x4987  -=- Fax: 01223 494919 =
 ----------------------------------------------------------------------------

