On 3/12/2010 9:20 AM, Tero Karttunen wrote: > I am trying to set up Windows Server 2008 64-bit environment, and I am > evaluating Shrew Soft VPN Client as an alternative to Cisco Systems > VPN Client, which sadly does not work in 64-bit environments. > > I have two Cisco profiles to import called "TE-access" and "SU4TSF". > The first one got imported successfully, and its type was "Mutual PSK > + XAuth". However, the second one caused import to fail with 2.1.5. > Learning that Cisco support is a recent addition, I downloaded > 2.1.6-beta-6 and tried again. > > The message I got was: "The Cisco site configuration was imported but > uses a RSA authentication method. You will need to import a > certificate manually to complete the configuration." Preselected > authentication method now seems to be "Mutual RSA + XAuth". > > Right. Pretty straightforward instruction; however, I cannot seem to > get it to function correctly. > > What I have in hand are SU4TSF.pfx and SU4TSF.pcf files, the second > being the Cisco profile and the first one containing all the necessary > certificates. There are no certificate passwords so I am able to > install both the enclosed VPN certificate and accompanied root CA > sertificate into Windows certificate registry. > > PFX is PKCS12 file, right? However, when I attempted to set all the > files (Server Certificate Authority File, Client Certificate File, > Client Private Key file) to SU4TSF.pdf, it did not work. The results > are: > > ------------------------------------------ > peer configured > iskamp proposal configured > esp proposal configured > client configured > server cert config failed > detached from key daemon ... > ------------------------------------------ > > Can you please advice me how to correctly complete the configuration? > Is there a HOWTO somewhere on converting pfx into necessary files? The > vpnhelp documentation is somewhat sparse on what kind of files it > expects! >
I would try exporting the certificate manually using openssl to see if that works. This may produce more than one so it may take some trial and error. Google spits out a wealth of links when I type in "pfx to pem". Have a look at this ... http://help.globalscape.com/help/eft5/admin/exporting_a_certificate_from_pfx_to_pem.htm If you get it to work this way, please let us know. -Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
