Re: Getting Cisco 3kvpn to accept openssl signed certs - anyone done it?
Locked
 
|
Yes, first thing I did was install the CA root
certificate and the sub CA certificate which signs the cert reqs from the 3000. Cisco got back to me and are now telling me that it might be a problem with the code version I have loaded up on my 3k. Once I get it updated I'll try again to see if there is a difference. BTW Cisco has sent several documents on how to make this work, generally with all other products accept for openssl. Still the instructions are quite clear and should work with openssl just fine. FYI - Version 4.1.7.D --- David Gianndrea <[hidden email]> wrote: > Have you installed the CA cert on the cisco? > > David Gianndrea > Senior Network Engineer > Comsquared Systems, Inc. > > Email: [hidden email] > Web: www.comsquared.com > > > ray v wrote: > > Has anyone been able to get a certificate signed > by > > openssl CA to accept the identity certificate? > > > > > > 1. Gen manual pkcs10 req on 3kvpn > > 2. Sign 3kvpn req and make cert > > 3. install cert through cut and paste or file > transfer > > > > error message > > > > Error installing SSL certificate: Incomplete > chain. > > > > I verified the chain and for everything else not > 3kvpn > > things are working peachy. > > > > On the other hand Cisco hasn't been much help at > all, > > but I still have hope. > > > > > > > > > > > > __________________________________ > > Yahoo! Mail Mobile > > Take Yahoo! Mail with you! Check email on your > mobile phone. > > http://mobile.yahoo.com/learn/mail > > > > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > [hidden email] > > Automated List Manager > [hidden email] > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
Ok finally had time to work on this project again and
solve the problem. To fix the problem I upgraded from vpn3000-4.1.5.B-k9.bin to vpn3000-4.1.7.E-k9.bin --- ray v <[hidden email]> wrote: > Yes, first thing I did was install the CA root > certificate and the sub CA certificate which signs > the > cert reqs from the 3000. > > Cisco got back to me and are now telling me that it > might be a problem with the code version I have > loaded > up on my 3k. Once I get it updated I'll try again to > see if there is a difference. > > BTW Cisco has sent several documents on how to make > this work, generally with all other products accept > for openssl. Still the instructions are quite clear > and should work with openssl just fine. > > FYI - Version 4.1.7.D > > --- David Gianndrea <[hidden email]> > wrote: > > Have you installed the CA cert on the cisco? > > > > David Gianndrea > > Senior Network Engineer > > Comsquared Systems, Inc. > > > > Email: [hidden email] > > Web: www.comsquared.com > > > > > > ray v wrote: > > > Has anyone been able to get a certificate signed > > by > > > openssl CA to accept the identity certificate? > > > > > > > > > 1. Gen manual pkcs10 req on 3kvpn > > > 2. Sign 3kvpn req and make cert > > > 3. install cert through cut and paste or file > > transfer > > > > > > error message > > > > > > Error installing SSL certificate: Incomplete > > chain. > > > > > > I verified the chain and for everything else not > > 3kvpn > > > things are working peachy. > > > > > > On the other hand Cisco hasn't been much help at > > all, > > > but I still have hope. > > > > > > > > > > > > > > > > > > __________________________________ > > > Yahoo! Mail Mobile > > > Take Yahoo! Mail with you! Check email on your > > mobile phone. > > > http://mobile.yahoo.com/learn/mail > > > > > > > > > OpenSSL Project > > http://www.openssl.org > > > User Support Mailing List > > [hidden email] > > > Automated List Manager > > [hidden email] > > > ______________________________________________________________________ > > OpenSSL Project > > http://www.openssl.org > > User Support Mailing List > > [hidden email] > > Automated List Manager > > [hidden email] > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Small Business - Try our new Resources site > http://smallbusiness.yahoo.com/resources/ > > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [hidden email] > Automated List Manager > [hidden email] > __________________________________ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
|
|
Hi,
I am using Non Blocking sockets, and would like to know the behaviour wrt SSL_renegotiation. Once I make a call to do_handshake, as the FD is non blocking it will return immediately with a success, but from the application's point of view how will it come to know that the renegotiation in thro' so that it can call SSL_write/SSL_read? Should the application poll on that do_handshake flag within the ssl control block? Any suggestion/help appreciated a lot. Thanks --Gayathri ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
«
Return to OpenSSL - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |