Re: Getting Cisco 3kvpn to accept openssl signed certs - anyone done it?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Getting Cisco 3kvpn to accept openssl signed certs - anyone done it?

ray v
Yes, first thing I did was install the CA root
certificate and the sub CA certificate which signs the
cert reqs from the 3000.

Cisco got back to me and are now telling me that it
might be a problem with the code version I have loaded
up on my 3k. Once I get it updated I'll try again to
see if there is a difference.

BTW Cisco has sent several documents on how to make
this work, generally with all other products accept
for openssl. Still the instructions are quite clear
and should work with openssl just fine.

FYI - Version 4.1.7.D

--- David Gianndrea <[hidden email]> wrote:

> Have you installed the CA cert on the cisco?
>
> David Gianndrea
> Senior Network Engineer
> Comsquared Systems, Inc.
>
> Email:   [hidden email]
> Web:     www.comsquared.com
>
>
> ray v wrote:
> > Has anyone been able to get a certificate signed
> by
> > openssl CA to accept the identity certificate?
> >
> >
> > 1. Gen manual pkcs10 req on 3kvpn
> > 2. Sign 3kvpn req and make cert
> > 3. install cert through cut and paste or file
> transfer
> >
> > error message
> >
> > Error installing SSL certificate: Incomplete
> chain.
> >
> > I verified the chain and for everything else not
> 3kvpn
> > things are working peachy.
> >
> > On the other hand Cisco hasn't been much help at
> all,
> > but I still have hope.
> >
> >
> >
> >
> >
> > __________________________________
> > Yahoo! Mail Mobile
> > Take Yahoo! Mail with you! Check email on your
> mobile phone.
> > http://mobile.yahoo.com/learn/mail 
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                  
> [hidden email]
> > Automated List Manager                          
> [hidden email]
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


               
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Getting Cisco 3kvpn to accept openssl signed certs - anyone done it?

ray v
Ok finally had time to work on this project again and
solve the problem.


To fix the problem I upgraded from
vpn3000-4.1.5.B-k9.bin to vpn3000-4.1.7.E-k9.bin


--- ray v <[hidden email]> wrote:

> Yes, first thing I did was install the CA root
> certificate and the sub CA certificate which signs
> the
> cert reqs from the 3000.
>
> Cisco got back to me and are now telling me that it
> might be a problem with the code version I have
> loaded
> up on my 3k. Once I get it updated I'll try again to
> see if there is a difference.
>
> BTW Cisco has sent several documents on how to make
> this work, generally with all other products accept
> for openssl. Still the instructions are quite clear
> and should work with openssl just fine.
>
> FYI - Version 4.1.7.D
>
> --- David Gianndrea <[hidden email]>
> wrote:
> > Have you installed the CA cert on the cisco?
> >
> > David Gianndrea
> > Senior Network Engineer
> > Comsquared Systems, Inc.
> >
> > Email:   [hidden email]
> > Web:     www.comsquared.com
> >
> >
> > ray v wrote:
> > > Has anyone been able to get a certificate signed
> > by
> > > openssl CA to accept the identity certificate?
> > >
> > >
> > > 1. Gen manual pkcs10 req on 3kvpn
> > > 2. Sign 3kvpn req and make cert
> > > 3. install cert through cut and paste or file
> > transfer
> > >
> > > error message
> > >
> > > Error installing SSL certificate: Incomplete
> > chain.
> > >
> > > I verified the chain and for everything else not
> > 3kvpn
> > > things are working peachy.
> > >
> > > On the other hand Cisco hasn't been much help at
> > all,
> > > but I still have hope.
> > >
> > >
> > >
> > >
> > >
> > > __________________________________
> > > Yahoo! Mail Mobile
> > > Take Yahoo! Mail with you! Check email on your
> > mobile phone.
> > > http://mobile.yahoo.com/learn/mail 
> > >
> >
>
______________________________________________________________________
> > > OpenSSL Project                                
> > http://www.openssl.org
> > > User Support Mailing List                  
> > [hidden email]
> > > Automated List Manager                          
> > [hidden email]
> >
>
______________________________________________________________________

> > OpenSSL Project                                
> > http://www.openssl.org
> > User Support Mailing List                  
> > [hidden email]
> > Automated List Manager                          
> > [hidden email]
> >
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new Resources site
> http://smallbusiness.yahoo.com/resources/
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>



               
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

(no subject)

Gayathri Sundar
Hi,

I am using Non Blocking sockets, and would like to
know the behaviour wrt SSL_renegotiation.
Once I make a call to do_handshake, as the FD is non
blocking it will return immediately with a success,
but from the application's point of view how will it come
to know that the renegotiation in thro' so that it can
call SSL_write/SSL_read? Should the application poll on that
do_handshake flag within the ssl control block?

Any suggestion/help appreciated a lot.

Thanks
--Gayathri
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]