johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Wed Sep 06, 2006 12:26 pm Post subject: IpSec + Rsasig authentication method is it possible?
Sorry guys, but I'm trying to establish an IPsec connection between 2 peers in a LAN for testing, using the RsaSig authentication method, but so far I haven't managed to make it work...
Has anyone already made it work with RsaSig?
How does it work? Where is the CA? On the host machine? Is the certificate the same for both machines?
If anyone knows, I'd be thankful for the help.
Thanks
 |
jhmartin Tux's lil' helper

Joined: 03 Sep 2003 Posts: 95
Posted: Wed Sep 06, 2006 7:22 pm
You should have 3 certs in play. 1 is the 'CA', the top level cert. The public portion of this cert must be installed on both machines as trusted.
The other two certs are the host certs. They must be signed by the trusted cert.
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Thu Sep 07, 2006 9:33 am
Sorry, but I'm new to these things...
Do I have to have 2 CAs? One on each machine?
Quote:
The public portion of this cert must be installed on both machines as trusted.

Public portion? What is that?
Quote:
The other two certs are the host certs. They must be signed by the trusted cert.

Are the 2 certs equal? Can I make a copy of one signed by the CA, copy it to the client machine and use it?
Thanks
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Thu Sep 07, 2006 10:00 am
I don't know what I'm doing wrong, but on the client side it's giving me this error:
Code:
Sep 7 10:36:22 localhost racoon: DEBUG: Certificate:
Sep 7 10:36:22 localhost Data:
Sep 7 10:36:22 localhost Version: 3 (0x2)
Sep 7 10:36:22 localhost Serial Number: 1 (0x1)
Sep 7 10:36:22 localhost Signature Algorithm: md5WithRSAEncryption
Sep 7 10:36:22 localhost Issuer: C=PT, ST=Lisboa, L=Lisboa, O=Vpn, OU=Vpn, CN=localhost
Sep 7 10:36:22 localhost Validity
Sep 7 10:36:22 localhost Not Before: Sep 5 17:41:55 2006 GMT
Sep 7 10:36:22 localhost Not After : Sep 5 17:41:55 2007 GMT
Sep 7 10:36:22 localhost Subject: C=PT, ST=Lisboa, L=Lisboa, O=Vpn, OU=Vpn, CN=Vpn Cert
Sep 7 10:36:22 localhost Subject Public Key Info:
Sep 7 10:36:22 localhost Public Key Algorithm: rsaEncryption
Sep 7 10:36:22 localhost RSA Public Key: (1024 bit)
Sep 7 10:36:22 localhost Modulus (1024 bit):
Sep 7 10:36:22 localhost 00:ac:a8:d1:fa:e6:da:bb:3e:ec:0b:9a:e2:99:ad:
Sep 7 10:36:22 localhost 92:d6:20:48:10:cc:f2:8a:31:eb:75:df:97:39:a5:
Sep 7 10:36:22 localhost 3f:95:71:54:26:98:74:6e:4b:dd:84:a8:36:71:b6:
Sep 7 10:36:22 localhost c2:e4:c9:82:e1:cd:92:94:96:57:7d:48:d9:11:22: a6:6f:45:ad:b7:fb:b3:fa:a1:02:14:65:66:f2:c7: 50:d9:03:ad:75:bd:e0:a1:17:03:d5:4e:b8:b8:f4: 9f:39:4c:60:de:a0:d8:79:cd:75:52:8c:0b:cd:ae: e8:b1:1e:60:15:ba:10:11:c1:8d:06:e1:a4:4a:7e: 40:68:f3:3c:cf:28:eb:b0:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 91:79:59:66:A8:49:6F:19:81:4D:02:9E:23:E5:66:7D:9B:8E:7D:95 X509v3 Authority Key Identifier: keyid:82:EB:EF:F7:F2:B7:EE:06:52:1E:32:B1:9B:E4:D0:EE:91:D2:54:2A DirName:/C=PT/ST=Lisboa/L=Lisboa/O=Vpn/OU=Vpn/CN=localhost serial:99:F3:56:40:AE:D2:AD:B3 Signature Algorithm: md5WithRSAEncryption 9e:7a:4d:95:0d:48:3e:a0:37:0e:d4:a5:9f:f4:cd:59:e7:fa: 7e:60:e7:3d:cb:5d:bd:f8:88:b2:6c:c2:3c:9c:fd:f6:7b:89: dd:64:b8:78:f8:a8:6e:9a:63:16:ba:b4:5b:67:a2:94:dc:75: 0b:2d:15:40:d2:c2:8e:75:ce:90:06:8b:78:77:08:3f:d6:72: 4b:78:76:9d:33:68:71:f4:be:db:eb:91:e1:40:2e:dd:75:9d: 09:64:93:91:ae:45:4d:5a:32:c8:3b:84:3a:f4:79:b2:56:74: ad:29:89:74:0d:b7:53:53:16:6e:c5:97:0e:92:9c:cc:78:9d: 00:06
Sep 7 10:36:22 localhost racoon: DEBUG: CR saved:
Sep 7 10:36:22 localhost racoon: DEBUG:
Sep 7 10:36:22 localhost racoon: DEBUG: SIGN passed:
Sep 7 10:36:22 localhost racoon: DEBUG: 55088dfe a7376ce1 71283322 7fbe53ca 26db0b25 e83760de 9d3abc99 0cc86d04 2aa9d8d6 ac3b41a1 bb9c7e87 f753e2c0 d6e601f3 9962cd40 338ea27e 7913e0b4 95d774ef 37de1091 4fb8c462 a18c4296 1b2f69fa 8f6b2cc5 d1228cad 1f780daf 7c4e721e b3b9b628 f1508519 8b3dd50e 8abab211 2cf7dc75 c8741c03 9bec82ca
Sep 7 10:36:22 localhost racoon: ERROR: unable to get local issuer certificate(20) at depth:0 SubjectName:/C=PT/ST=Lisboa/L=Lisboa/O=Vpn/OU=Vpn/CN=Vpn Cert
Sep 7 10:36:22 localhost racoon: ERROR: the peer's certificate is not verified.

Does anyone know what I'm doing wrong?
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Thu Sep 07, 2006 3:19 pm
Anyone? I really need some help with this
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Thu Sep 07, 2006 8:06 pm
johnny_martins00 wrote:
Anyone? I really need some help with this
 |
jhmartin Tux's lil' helper

Joined: 03 Sep 2003 Posts: 95
Posted: Fri Sep 08, 2006 2:34 am
Looks like your CA isn't trusted on both ends.
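The three-certificate layout jhmartin describes, and the "unable to get local issuer certificate(20)" error from the racoon log, reproduced with the openssl command line as an added example (not part of the original thread). Host names, subjects and directories are constructed; the trust directory is assumed to be searched the way OpenSSL's `-CApath` is, by subject hash.

```shell
#!/bin/sh
# Added example. Host names, subjects and directories are constructed.

make_pki() {    # $1 = directory that receives all generated files
    # The CA: a self-signed certificate. ca.key never leaves the CA machine.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Vpn/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    # One private key and one certificate per host, each signed by the CA.
    for h in hostA hostB; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/O=Vpn/CN=$h" \
            -keyout "$1/$h.key" -out "$1/$h.csr" 2>/dev/null || return 1
        openssl x509 -req -sha256 -days 365 -in "$1/$h.csr" \
            -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
            -out "$1/$h.crt" 2>/dev/null || return 1
    done
}

install_ca() {  # $1 = trust directory, $2 = CA certificate (public part only)
    # -CApath lookups find a CA by subject hash, so store it as <hash>.0
    cp "$2" "$1/$(openssl x509 -noout -hash -in "$2").0"
}

verify_peer() { # $1 = trust directory, $2 = certificate presented by the peer
    # Print the single result line: "<file>: OK" or "error NN at ...".
    openssl verify -CApath "$1" "$2" 2>&1 |
        grep -E ': OK$|^error [0-9]+ at' | head -n 1
}

work=$(mktemp -d)      # stands in for the CA machine
trust=$(mktemp -d)     # stands in for one peer's certificate directory
make_pki "$work" || echo "openssl failed" >&2
verify_peer "$trust" "$work/hostA.crt"    # CA not installed: error 20
install_ca "$trust" "$work/ca.crt"
verify_peer "$trust" "$work/hostA.crt"    # CA installed: OK
verify_peer "$trust" "$work/hostB.crt"    # the same CA vouches for the other host
```

Only `ca.crt` is copied to each peer; every host keeps its own `.key` and `.crt`, so the two host certificates are different files issued by the same CA.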
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Fri Sep 08, 2006 11:32 am
How so? How does rsasig work?
 |
johnny_martins00 Apprentice

Joined: 01 Jun 2006 Posts: 293
Posted: Sat Sep 09, 2006 9:42 am
Can anyone tell me whether, in a peer-to-peer VPN, I need the verify_cert field and the peer_cert field too?
Thanks