Not sure if you are using the procedure documented here but it worked flawlessly for us. http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple).
One thing I was going to ask is to check if you have (a) installed the client certificate in PKCS #12 format AND (b) Installed your CA certificate ADDITIONALLY The documentation explicitly states that and I'd verified at that time that these 2 steps are mandatory. Apologies if you already tried it but thought I'll point out. FYI, I used 4.6.3 on Ubuntu 11.10 and 5.0.1 on CentOS - both work fine with the instructions on that link. Thanks, Bharath Kumar On Tue, Jan 1, 2013 at 7:45 PM, Jason <[email protected]> wrote: > All, > > I just got strongswan installed on my debian squeeze box this evening. > everything seems to be going smoothly (eg I'm behind a nat that > _actually_ forwards esp packets) until I try to connect. My iphone > gives me "Could not validate the server certificate". > > I'm using the IPSec configuration (no l2tp) with my own CA. > > So, I've tries a bunch of different flavors of "openssl pkcs12 -export > ..." to generate a .p12 of my ca. No matter what I do, I get "The > container "Identity Certificate" must contain only one certificate and > its private key." > > Is apple really that daft as to require the CA's _private_ key? No, I'm > probably missing something. Any pointers? I think I reached the end of > both duckduckgo and google... > > thx, > > Jason. > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
