certificate with ISAKMPD

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

certificate with ISAKMPD

Doug Frippon
Hi all,
   I'm trying to get a win2k interpolate with a OpenBSD 3.8 using ISAKMPD.
The problem is I get a "no keystate in ISAKMP SA" error.
I suspect that my certificate are not well done. I mean ISAKMPD with a pre-shared key work perfectly.
I've read that with ISAKMPD I must use a FQDN as altSubjectname.
Could this be the origin of my problem.
And if so, how can I fix it.
I also read that I should use "certpatch" to do so, but it's not present in OBSD 3.8
So how can I do this
 
Doug2die4
Reply | Threaded
Open this post in threaded view
|

Re: certificate with ISAKMPD

Girish Venkatachalam
Doug,

Certpatch was needed when OpenSSL did not have support
for SubjAltName. That is the reason you don't find it
in the latest version of OpenBSD.

You will find certpatch in an old CVS snapshot in the
OpenBSD tree.

I am attaching a slightly modified certpatch for your
use.

All the best!

regards,
Girish
--- Doug Frippon <[hidden email]> wrote:

> Hi all,
>    I'm trying to get a win2k interpolate with a
> OpenBSD 3.8 using ISAKMPD.
> The problem is I get a "no keystate in ISAKMP SA"
> error.
> I suspect that my certificate are not well done. I
> mean ISAKMPD with a
> pre-shared key work perfectly.
> I've read that with ISAKMPD I must use a FQDN as
> altSubjectname.
> Could this be the origin of my problem.
> And if so, how can I fix it.
> I also read that I should use "certpatch" to do so,
> but it's not present in
> OBSD 3.8
> So how can I do this
>
> Doug2die4
>
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

certpatch.c (11K) Download Attachment