Bharath, On Tue, Jan 01, 2013 at 08:13:54PM -0800, Bharath Kumar wrote: > On Tue, Jan 1, 2013 at 7:45 PM, Jason <[email protected]> wrote: > > I just got strongswan installed on my debian squeeze box this evening. > > everything seems to be going smoothly (eg I'm behind a nat that > > _actually_ forwards esp packets) until I try to connect. My iphone > > gives me "Could not validate the server certificate". > > > > I'm using the IPSec configuration (no l2tp) with my own CA. > > > > So, I've tries a bunch of different flavors of "openssl pkcs12 -export > > ..." to generate a .p12 of my ca. No matter what I do, I get "The > > container "Identity Certificate" must contain only one certificate and > > its private key." > > > > Is apple really that daft as to require the CA's _private_ key? No, I'm > > probably missing something. Any pointers? I think I reached the end of > > both duckduckgo and google... > > > Not sure if you are using the procedure documented here but it worked > flawlessly for us. > http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple).
Yes, these are the exact instuctions I followed. > One thing I was going to ask is to check if you have > (a) installed the client certificate in PKCS #12 format AND Did that, including key. > (b) Installed your CA certificate ADDITIONALLY What format was your CA certificate? pkcs12? What exact command did you use to convert it? thx, Jason. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
