[ale] OT: IPSEC
Joseph A. Knapka
jknapka at earthlink.net
Sat May 12 18:02:56 EDT 2001
Well, I've ironed out the personal certificate issue, I think:
openssl has facilities to convert between PEM and DER, which
is what the Cisco software produces. But I still have a CA
certificate in "serialized certificate" format (apparently
an M$ thing), which openssl can't seem to deal with. And a
"private key" file that I'm not sure whether I need or not,
in YAMF (yet another mysterious format) :-/
Floundering around in the IPSEC mud,
-- Joe
root wrote:
>
> Can't help much, but I do recognize the 'pem' format. It's the same
> format used by BEA's Weblogic EJB server for it's security certificates.
> That's the extent of my vast knowledge on the subject :-)
>
> Ed.
>
> "Joseph A. Knapka" wrote:
> >
> > Hi everyone,
> >
> > I've got Cisco SecureNet IPSEC client software (supplied by my
> > employer) set up on my NT laptop, so I can access the coporate
> > VPN. I'm trying to export the certificates so I can get my firewall
> > (an OpenBSD box) to handle the IPSEC bit and let me talk to the
> > corporate net from any machine on my home LAN.
> >
> > The problem is, the IPSEC daemon on the OBSD box won't read the
> > certificate files exported from the SecureNet software. OBSD
> > wants the certificates in something called "PEM format"; I
> > have no idea in what format the Cisco software exports them.
> > Has anyone out there tried anything like this? (The OBSD isakmpd
> > chokes when opening the certificate files with "undefined error
> > 0", which is less than helpful, to me anyway.) It looks as if
> > the files exported by the Cisco software are in some
> > proprietary format, so I imagine I need converter software,
> > but I haven't been able to track such down online.
> >
> > Thanks,
> >
> > -- Joe
> >
> > --
> > "If I ever get reincarnated... let me make certain I don't come back
> > as a paperclip." -- protagonist, H Murakami's "Hard-boiled Wonderland"
> > // Linux MM Documentation in progress:
> > // http://home.earthlink.net/~jknapka/linux-mm/vmoutline.html
> > * Evolution is an "unproven theory" in the same sense that gravity is. *
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
"If I ever get reincarnated... let me make certain I don't come back
as a paperclip." -- protagonist, H Murakami's "Hard-boiled Wonderland"
// Linux MM Documentation in progress:
// http://home.earthlink.net/~jknapka/linux-mm/vmoutline.html
* Evolution is an "unproven theory" in the same sense that gravity is. *
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list