<meta http-equiv="content-type" content="text/html; charset=utf-8"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><div>Hello All,</div><div><br></div><div>
I'm hitting a problem trying to use shrewsoft w/ RSA certs. Is there a step-by-step guide (most importantly including the shrewsoft config) for doing RSA?</div><div><br></div><div>I've rolled my own CA, signed out some certs, I use the OU in the RDN to distinguish rolls, OU=Server just for servers, OU=Client for normal clients and OU=Admin for administrative clients (may get additional routing permissions to connect to private nets behind the servers).</div>
<div><br></div><div>So, I did a minimalistic setup on the shrewsoft client, the only things I configed are:</div><div><br></div><div>1. FQDN of the server to connect to</div><div>2. Selected Mutual RSA</div><div>3. local identity - ASN.1, using the subject of the cert (openswan is set to use the subject to determine the connection permission)</div>
<div>4. Remote ID - 'any' (just in case this is causing the problem)</div><div>5. Credentials - I loaded the ca.pem, and the client's .crt and .key. I switch around and use pkcs12, pem, you name it, doesn't matter.<br>
<br></div><div>(did I miss anything?)</div><div><br></div><div>When I tell it to connect, this is the output I get:</div><div><br></div><div><div>config loaded for site '<a href="http://vhost5.csrtechnologies.com/" target="_blank" style="color: rgb(28, 81, 168); ">vhost5.csrtechnologies.com</a>'</div>
<div>configuring client settings ...</div><div>attached to key daemon ...</div><div>peer configured</div><div>iskamp proposal configured</div><div>esp proposal configured</div><div>client configured</div><div><b><font class="Apple-style-span" color="#ff0000">server cert config failed</font></b></div>
<div>detached from key daemon ...</div></div><div><br></div><div><br></div><div>Why is it hitting me w/ server cert config failed?</div><div><br></div><div>When I look in the documentation there's a lot of "this is how ipsec and rsa works" but I'm not seeing any "this is how you configure the client".</div>
<div><br></div><div>Thanks for any and all help.</div></span>