I've had problems with certificates and Cisco if any of the keys in the chain are greater than 2048 This includes the CA
| ray v <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 05/12/2005 01:16 AM
|
|
Hi All, Hi Steve!
Does anyone have documentation on how to get a
concentrator to accept certificate signed by openssl?
Cisco VPN 3030 4.x
On the concentrator I have install both my Root CA
certificate and the Sub CA I used to sign request for
internal devices. Next I generate a manual request
from the certificate manager, copy that over to where
it will be sign. Check to make sure its valid using
openssl req -in my.req.
Sign the request and make the certificate using the
Sub CA. I think do openssl x509 -in my.cert -text
-noout -purpose to make sure its valid and that the
purpose has been set correctly.
Next I copy the my.cert file over to a machine I
access the certificate manager on the concentrator. I
select install from the request pending windows and
choose cut & paste as my option to copy the
certificate.
The concentrator spits out the following error
" An error has occurred while attempting to perform
the operation.
Error installing identity certificate: Incomplete
chain. "
This leads me to believe I've done something wrong
with the chain. I have gone back to verify that the
root CA and sub CA certificates are correct and that
the right sub CA sign the certificate request. Further
I've verify that the sub CA certificate configuration
on the concentrator is set to accept certificate sign
by itself.
Has anyone any idea what I'm doing wrong??
As always I appreciate any help and special thanks to
Dr. Steve who seems tireless in his efforts on this
list!
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity to
which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
