ISAKMPD question: ID-type ASN1_...?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ISAKMPD question: ID-type ASN1_...?

Toni Mueller-10
Hi,

I've run into an interoperability problem with an Astaro, which does not
like our certificate. The certificate basically looks like

...
  Subject: C=DE, L=..., CN=IP-number
...
  Subject Alternative Name: IPv4 Address: IP-number
...


Now the Astaro is said to require an ID type of ASN1-DN, when used in
conjunction with X.509 certificates, but it also appears that OpenBSD
can't send that to the remote side. Or am I wrong?

TIA!


Kind regards,
--Toni++

Reply | Threaded
Open this post in threaded view
|

Re: ISAKMPD question: ID-type ASN1_...?

Ingo Schwarze
Hi Toni,

Toni Mueller wrote on Wed, Jan 04, 2012 at 06:09:55PM +0100:

> I've run into an interoperability problem with an Astaro, which does
> not like our certificate. The certificate basically looks like
>
> ...
>   Subject: C=DE, L=..., CN=IP-number
> ...
>   Subject Alternative Name: IPv4 Address: IP-number
> ...
>
> Now the Astaro is said to require an ID type of ASN1-DN,
> when used in conjunction with X.509 certificates,

A colleague of mine working on the IPsec subsystem of the ASG
says that the ASG can be configured to accept an ID-type
of "IP-number", if i understand correctly what he says.

So maybe, the problem might not be on the OpenBSD side, but the ASG
might be misconfigured.  In case you do not manage to solve this
yourself, consider calling Astaro support or check out the
Astaro User Bulletin Board (astaro.org, a public support forum).

Yours,
  Ingo

--
[hidden email] | Software Engineer, Network Security
Astaro GmbH & Co. KG - a Sophos company | 76227 Karlsruhe, Germany
www.astaro.com | www.sophos.com