On Fri, 2023-06-30 at 11:09 -0700, Daniel Lenski wrote:
> On Mon, Jun 26, 2023 at 4:56 AM Grant Williamson <traxto...@gmail.com> wrote:
> > I'm encountering an issue with the csd-post.sh script. When attempting
> > to use it, I receive the error message: "You are attempting to use a
> > digital certificate not assigned to this device." I would appreciate
> > any insights on how to add support for when a server cross checks the
> > MAC address functionality in the script.
>
> > Helps if I just try using what is there. Sorry.
> > endpoint.device.MAC["FFFF.FFFF.FFFF"]="true";
>
> Glad you figured out, but… wow.
>
> "Digital certificate not assigned to this device" is a very
> misleading/unclear/irrelevant error message for "you didn't tell us
> your MAC address."

To be fair, we *did* tell it our MAC address. We just *lied* and told it our MAC address was FF:FF:FF:FF:FF:FF. While using a certificate assigned to some other device. Using a MAC address as the host identifier isn't that unusual (although it does have issues when you have multiple devices, and it's better to use the system UUID from /etc/machine-id where it exists).
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel