Hi All, I am generating 1k/2k/3k/4k CSR's on our device using OpenSSL library. I am generating these CSR on our device. We have windows 2008 R2 servers and I am signing these CSR using certificate authority on windows server. I am setting only client and server authentication bits in the CSR since these are simple end entity certificates. Once certificates are generated , I am able to install the certificates on our device.
These certificates are working well with 802.1x (EAP-TLS) setup on the same windows 2008 R2 server. However when I was trying to test IPsec with certificate based authentication, authentication is failing.Enabling the IPsec event viewer shows error in accepting the certificate and generates a “invalid signature” message which looks to be generic. Failures are seen only with 3k and 4k certificates. Later I refered to a link http://blog.gentilkiwi.com/tag/bag-attributes added -LMK -CSP "xxx" -name options, certificate worked well. I wanted to know is any one having similar experience with 3k and 4k ID certificates that does not have these fields on windows system. Any help is appreciated. Regards Jayalakshmi
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
