That command seems to have a syntax problem, showing: "unknown option [cert.pem-inserted my cert here]"
On Mon, Aug 25, 2008 at 10:55 PM, Tim Hudson <[EMAIL PROTECTED]> wrote:
> Chris Zimmerman wrote:
>>
>> I am working to set up a Watchguard firewall with x509 certs for VPN
>> tunnels. I have created my own CA on my laptop and I have created a
>> CSR on the Watchguard product. I have then signed the CSR with my CA
>> certificate successfully which then imports into the Watchguard.
>> Here's the problem: Watchguard requires that the cert be typed as
>> "Web" or "IPSec" if it is to be used for VPN tunnels. Every time I
>> import my signed cert it shows up as a CA Cert type. I know this is
>> an interop question, but has anyone got an idea of what to try to get
>> this working? I've been at this for days now with no success.
>
> Look at the various settings for basic constraints, key usage and extended
> key usage as controlled in openssl.cnf ... basically you need to set them to
> match what Watchguard wants.
>
> Perhaps you have the v3_ca stuff set.
>
> The output of
>     openssl x509 -text -noout cert.pem
> will let me see what you have set in the way of those extensions.
>
> If you have a working certificate and a non-working one then comparing the
> text output should help show what the requirements are.
>
> Tim.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                                [EMAIL PROTECTED]
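
An added example, not part of the original thread and not Watchguard's documented requirements: it signs a request with end-entity extensions taken from an extension file instead of the `v3_ca` section, then prints the basic constraints, key usage and extended key usage fields discussed above. The file names, subject names, the section name `v3_endentity` and the chosen usage values are assumptions; `openssl x509` reads its input file through `-in`.

```shell
#!/bin/sh
# Constructed demo: throwaway CA and request, not the poster's files.
# Usage: d=$(mktemp -d); make_demo_cert "$d"; show_cert_type_fields "$d/cert.pem"

make_demo_cert() {
    dir=$1
    # Throwaway self-signed CA, standing in for the laptop CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Stand-in for the CSR that would be generated on the firewall.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$dir/dev.key" -out "$dir/dev.csr" 2>/dev/null || return 1
    # End-entity extensions. The usage values are assumptions; adjust them
    # to whatever the importing device expects.
    cat > "$dir/ext.cnf" <<'EOF'
[ v3_endentity ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
EOF
    # Sign the request, applying only the section named above.
    openssl x509 -req -in "$dir/dev.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/ext.cnf" -extensions v3_endentity \
        -out "$dir/cert.pem" 2>/dev/null
}

show_cert_type_fields() {
    # Print each matching extension header and the value line below it.
    openssl x509 -in "$1" -noout -text |
        grep -A1 -E 'Basic Constraints|Key Usage'
}
```

Running `show_cert_type_fields` on a working and a non-working certificate gives two short outputs that can be compared line by line.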