[vpn-help] Fwd: invalid message from gateway

Stefan Bauer stefan.bauer at cubewerk.de
Sat Mar 6 04:55:01 CST 2010

Am 06.03.2010 08:04, Libor Arndt schrieb:
> On Thu, 04 Mar 2010 17:19:13 +0100, Stefan Bauer wrote:
>> Here we go. The certificate is key protected. Unfortunately i'm not
>> familiar with the way cisco provides the certificates and howto
>> export different parts. In the best case it's just an openssl
>> generated cert and can be exported with openssl as well. Probably
>> that is what the shrew client is trying to achieve.
> Thanks for the reply. But am I doing something wrong or there is some lack  
> of functionality in the Shrew client and nothing can be done about it?
> I tried other non Cisco VPN client, NCP secure entry client which accepted  
> the same certificate and worked without any problems.
> So the certificate can be used in non CISCO clients.
> The difference is that I imported the certificate to the NCP client only  
> once, but I have to import the certificate three times to the Shrew client.
> Server, client and private key certificate.

This .pcx file is most likely a PKCS#12 certificate container, with
the cert of the Root-CA, your client cert and your client key in it.
 Obviously it is key-protected. I have no way to verify that, due to
lack of cisco hardware but it looks like that.

After importing your cert in the client and hitting connect, did you
get promted for a password to unlock the cert?

It's like "Password for "gncs_new.pfx - please enter the Password

If i enter at this time a wrong password, the error message is
ecactly like yours:

load failed, requesting password

Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------

More information about the vpn-help mailing list