Re: OpenIKED and Windows 10 Client

2017-04-13 Thread Bobby Johnson
Just the CA and server cert need to be installed on the OpenBSD side. On Thu, Apr 13, 2017 at 3:10 AM, Markus Rosjat wrote: > just to be clear I don't need to install the client cert on the openbsd > machine? > > And since this is eating up my time I might switch back to ikev1

Re: OpenIKED and Windows 10 Client

2017-04-13 Thread Markus Rosjat
just to be clear I don't need to install the client cert on the openbsd machine? And since this is eating up my time I might switch back to ikev1 and isakmpd. At least there I know I get it done regards markus Am 13.04.2017 um 10:13 schrieb Markus Rosjat: As I stated befor I did all the

Re: OpenIKED and Windows 10 Client

2017-04-13 Thread Markus Rosjat
As I stated befor I did all the cert installing for the local machine store I will try to create some more certs with diffrent "names" just to see if this makes a diffrence. I might be wrong what the real FQDN is or better what windows believe it should be :) regards Markus Am 12.04.2017 um

Re: OpenIKED and Windows 10 Client

2017-04-12 Thread Bobby Johnson
If you're doing pure certificate auth, not eap I think you need both certs. They do need to be installed under the local computer account. Install the CA cert in the trusted root CA store, put the machine cert in the personal store. I also think it may be necessary to put the full asn1_dn of the

Re: OpenIKED and Windows 10 Client

2017-04-12 Thread Stuart Henderson
On 2017-04-12, Markus Rosjat wrote: > Am 12.04.2017 um 11:49 schrieb Martijn van Duren: >> On 04/12/17 11:42, Stuart Henderson wrote: >>> On 2017-04-11, Markus Rosjat wrote: I think the problem is with the windows site because it tells me there is no

Re: OpenIKED and Windows 10 Client

2017-04-12 Thread Markus Rosjat
well I put the CA certs in the trusted CA Folder and the cert for the machine in "Eigene Zertifikate" in the local machine store it seems to be a problem on the windows site thought regards markus Am 12.04.2017 um 11:49 schrieb Martijn van Duren: On 04/12/17 11:42, Stuart Henderson wrote:

Re: OpenIKED and Windows 10 Client

2017-04-12 Thread Martijn van Duren
On 04/12/17 11:42, Stuart Henderson wrote: > On 2017-04-11, Markus Rosjat wrote: >> I think the problem is with the windows site because it tells me there >> is no certificate to be found. I added the certificate to local machine >> store -> own certificates (at least in the

Re: OpenIKED and Windows 10 Client

2017-04-12 Thread Stuart Henderson
On 2017-04-11, Markus Rosjat wrote: > I think the problem is with the windows site because it tells me there > is no certificate to be found. I added the certificate to local machine > store -> own certificates (at least in the german UI is no personal folder) I think you're