[ previous ] [ next ] [ threads ]
 From:  "Enrique Maldonado A." <enrique at directemar dot cl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] x.509 certificate and RSA key specific instructions for M0n0wall
 Date:  Mon, 20 Mar 2006 08:27:49 -0400

The problem is your private key are encrypted, just use a clear text one 
and all works fine.

you can use the instructions in the X509 Authentication section of the 
isakmpd man page in OpenBSD.


or any other page about the use of X.509 certs with racoon or isakmpd.


Enrique Maldonado

Troy escribió:
> I recently built a m0n0wall server and was looking to enable the certs. I
> built some self signed certificates in what I thought was the right format
> (RSA private key in PEM, x.509 in PEM) but apparently not because when I
> pasted them in, the box would no longer function and I couldn't log in
> through the PHP front end.  I had to do a complete reset of the config to
> get back in. 
> Does anyone have the specific steps for how to create the certs in the
> format that M0n0wall likes?  I also wasn't sure if I should paste in the
> cert with the parts at the beginning like:
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,0955AB8F4E5F4BC
> I think having these instructions in the m0n0wall handbook would really
> help people due to the fact if you sign it wrong - there isn't a
> checker/validator and you can completely lock yourself out other than
> going in through the console.
> I don't want to go through that a second time - was hoping someone had the
> specific commands to create the right cert/key and what specifically to
> paste into the PHP windows so it works.
> Thanks,
> -Troy
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch