On Fri, 2003-08-01 at 01:08, James Thornton wrote:
> Followed the procedure on http://www.natecarlson.com/linux/ipsec-x509.php to
> set up a Freeswan gateway and a Windows 2000 client, but I'm getting these
> errors in /var/log/secure:
>
> Jul 31 12:37:59 roam pluto[18829]: "wpp-road"[1] 64.123.132.54 #1:
> certificate signature is invalid
> Jul 31 12:37:59 roam pluto[18829]: "wpp-road"[1] 64.123.132.54 #1: X.509
> certificate rejected

How did you create the certificate? Did you store the CA-certificate in
the directory /etc/ipsec.d/cacerts?

Test the certificate using openssl:

    openssl verify -CAfile /etc/ipsec.d/cacert.pem wincert.pem

You can check the certificate on Windows too. Go to the certificate
store and double-click the certificate. It will tell you whether it is
valid or not.

Apparently FreeS/WAN does not recognize the signature, therefore no
authentication takes place, no tunnel.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
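
To narrow down a "certificate signature is invalid" rejection like the one in this thread, the verify step can be paired with an issuer/subject comparison. The following is an added example, not part of the original message; it assumes the openssl command-line tool is installed, and all CA names, keys and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added diagnostic sketch; every key, name and file below is constructed
# in a temp dir. Function names are hypothetical, not from any project.

make_ca() {      # $1 = output prefix, $2 = CA common name (self-signed CA)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = output prefix (client certificate)
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=winclient" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -set_serial 1 -days 30 -out "$2.pem" 2>/dev/null
}

# $1 = CA certificate, $2 = certificate to test. Prints one of:
#   ok             verification against this CA succeeds
#   wrong-ca-name  issuer DN differs from the CA subject (wrong CA installed)
#   wrong-ca-key   DNs match but verification fails, e.g. the CA was
#                  regenerated under the same name (expiry etc. not split out)
check_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok; return 0
    fi
    issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    if [ "$issuer" = "$subject" ]; then echo wrong-ca-key; else echo wrong-ca-name; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca" "Example Test CA"          # CA that signs the client cert
    make_ca "$d/ca_regen" "Example Test CA"    # same DN, different key pair
    make_ca "$d/other" "Other CA"              # unrelated CA
    issue_cert "$d/ca" "$d/win"
    for ca in ca ca_regen other; do
        printf '%-9s %s\n' "$ca" "$(check_cert "$d/$ca.pem" "$d/win.pem")"
    done
    rm -rf "$d"
}

demo
```

A `wrong-ca-key` result is the case that a visual comparison of issuer names misses: the gateway holds a CA certificate with the right name but not the key that signed the client certificate.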