 From:  "Enrique Maldonado A." <enrique at directemar dot cl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] x.509 certificate and RSA key specific instructions for M0n0wall
 Date:  Mon, 20 Mar 2006 08:27:49 -0400
Hi,

The problem is that your private key is encrypted; just use a clear text one 
and all works fine.

You can use the instructions in the X509 Authentication section of the 
isakmpd man page in OpenBSD.

http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

or any other page about the use of X.509 certs with racoon or isakmpd.

Regards,

Enrique Maldonado


> I recently built a m0n0wall server and was looking to enable the certs. I
> built some self signed certificates in what I thought was the right format
> (RSA private key in PEM, x.509 in PEM) but apparently not because when I
> pasted them in, the box would no longer function and I couldn't log in
> through the PHP front end.  I had to do a complete reset of the config to
> get back in. 
> 
> Does anyone have the specific steps for how to create the certs in the
> format that M0n0wall likes?  I also wasn't sure if I should paste in the
> cert with the parts at the beginning like:
> 
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,0955AB8F4E5F4BC
> 
> I think having these instructions in the m0n0wall handbook would really
> help people due to the fact if you sign it wrong - there isn't a
> checker/validator and you can completely lock yourself out other than
> going in through the console.
> 
> I don't want to go through that a second time - was hoping someone had the
> specific commands to create the right cert/key and what specifically to
> paste into the PHP windows so it works.
> 
> Thanks,
> 
> -Troy
> 
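The question above notes that there is no checker/validator, and the reply identifies an encrypted private key as the cause. As an added example (not from the thread and not part of m0n0wall), this Python check inspects a key's PEM envelope before it is pasted anywhere; `check_pem_key` is a hypothetical name, and both sample keys are constructed stubs that reuse only the header lines quoted in the message.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, matching END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def check_pem_key(text):
    """Return (ok, reason); ok is True only for an unencrypted PEM private key."""
    m = PEM_RE.search(text)
    if not m:
        return False, "no complete PEM block (BEGIN/END missing or mismatched)"
    label, lines = m.group(1), m.group(2).splitlines()
    if "PRIVATE KEY" not in label:
        return False, f"PEM block is '{label}', not a private key"
    if label == "ENCRYPTED PRIVATE KEY":
        return False, "PKCS#8 key is passphrase-protected"
    # Header lines contain ':'; base64 body lines never do.
    headers = dict((k.strip().lower(), v.strip())
                   for k, _, v in (l.partition(":") for l in lines if ":" in l))
    if headers.get("proc-type", "").replace(" ", "").upper() == "4,ENCRYPTED":
        cipher = headers.get("dek-info", "cipher not stated")
        return False, f"key is encrypted ({cipher})"
    body = "".join(l.strip() for l in lines if ":" not in l)
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return False, "key body is not valid base64"
    if not der or der[0] != 0x30:  # a DER-encoded key starts with a SEQUENCE tag
        return False, "key body is not a DER SEQUENCE"
    return True, f"unencrypted {label}"

# Constructed samples: the body is a 5-byte DER stub, not a real key.
SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0955AB8F4E5F4BC

MAMCAQA=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_CLEAR = """-----BEGIN RSA PRIVATE KEY-----
MAMCAQA=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, pem in (("encrypted", SAMPLE_ENCRYPTED), ("clear", SAMPLE_CLEAR)):
        print(name, check_pem_key(pem))
```

The check looks only at the PEM envelope; it does not verify that the key is well-formed RSA or that it matches the certificate. A passphrase-protected key can be written out in clear form with `openssl rsa -in encrypted.pem -out clear.pem` (file names are placeholders).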