> > > I would assume so, although it almost seems not to be the
> > > case. Are you sure you have left the correct certs in the
> > > database? You need two certificates: One trusted (the CA)
> > > and one personal (winpower).
> >
> > Please elaborate/clarify this last statement -- does the CA
> > need to be on the Windows client?
>
> Yes, it needs to be stored in the trusted certificate storage on the
> Windows client. It is part of the .p12 file which has been transferred
> to the Windows client. When inspecting the certificate storage,
> you should have one container Personal-Certificates. This container
> should hold the winpower certificate. Additionally you should find a
> Trusted_Root_Certification_Authorities-Certificates container which
> should contain (among others) your CA-certificate.

I had four references to CAs in Trusted Root Certification Authorities/Certificates so I deleted all of them along with the one under Personal/Certificates, I imported wpower.p12 again, but it's still not working -- I'm still getting "Error 80090016 during CryptSignHash1!" in the Oakley.log and "certificate signature is invalid...X.509 certificate rejected" in /var/log/secure.

> > Barf: http://jamesthornton.com/stuff/vpn/barf.txt
> > Oakley log: http://jamesthornton.com/stuff/vpn/oakley.txt
>
> I'll take a look at it.

Thanks Ralf.
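
The store check described in the quoted reply, written as a PowerShell script; this is an added example, not part of the original thread. The code 80090016 in the post is the Windows value NTE_BAD_KEYSET ("Keyset does not exist"), so the script also reports whether each personal certificate has its private key attached. It assumes the certificates were imported into the Local Computer store and that the personal certificate's subject contains "winpower".

```powershell
# Added example. Assumptions: Local Computer store, subject contains "winpower".
$subjectMatch = 'winpower'

# Personal -> Certificates
$personal = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subjectMatch*" }

# Trusted Root Certification Authorities -> Certificates
$roots = Get-ChildItem Cert:\LocalMachine\Root

if (-not $personal) {
    Write-Output "No certificate matching '$subjectMatch' in LocalMachine\My."
    return
}

foreach ($cert in $personal) {
    # The issuing CA should be present in the trusted root store.
    $issuer = $roots | Where-Object { $_.Subject -eq $cert.Issuer }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        # False means the .p12 import left the certificate without its key.
        HasPrivateKey = $cert.HasPrivateKey
        IssuerInRoot  = [bool]$issuer
    }
}
```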