IPSec "road warrior" configuration for a Windows 7 (and XP) client

Hi,
I am struggling to get IPSec access from a Windows 7 client.
On the server, I have
- a self-generated CA certificate cacert.pem and a private key cakey.pem
- a signed certificate warrior1-cert.pem and a private key warrior1-key.pem
I managed to import the cacert.pem as a new trusted root CA in Windows 7 using mmc and this:
http://technet.microsoft.com/en-us/library/cc754841.aspx
I just don't know where to put the warrior1-cert.pem.
When I connect a VPN configured with http://kb.iweb.com/entries/22375983-Configuring-new-VPN-L2TP-IPSec-connectio...
it tells me:
"Error 766: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate."
I fiddled around a bit with the mmc, putting the warrior1-cert.pem into the "Private" collection of the machine, or let it choose the store "automatically" but I haven't had success.
What are the missing parts?
If I have done it, I have to do the same on XP..:-(
If someone has it working please let me know how.
Thank you
Peter

What's the output of "certutil.exe -store My"?
There are a few possibilities:
1) the certificate is missing from the computer store;
2) it doesn't have a private key in the store (need to generate a PKCS #12/PFX package and import it into the store);
3) the certificate is missing necessary attributes, such as Enhanced Key Usage of "IP security IKE Intermediate" (ref. http://technet.microsoft.com/en-us/library/dd941612(v=WS.10).aspx and http://carbonwind.net/blog/post/VPN-Reconnect-in-Windows-7-RC-redux.aspx )
HTH
Slav
-----Original Message-----
From: luv-talk-bounces@lists.luv.asn.au [mailto:luv-talk-bounces@lists.luv.asn.au] On Behalf Of Petros
Sent: Tuesday, 17 December 2013 10:20 AM
To: luv-talk@luv.asn.au
Subject: [luv-talk] IPSec "road warrior" configuration for a Windows 7 (and XP) client
Hi,
I am struggling to get IPSec access from a Windows 7 client.
On the server, I have
- a self-generated CA certificate cacert.pem and a private key cakey.pem
- a signed certificate warrior1-cert.pem and a private key warrior1-key.pem
I managed to import the cacert.pem as a new trusted root CA in Windows 7 using mmc and this:
http://technet.microsoft.com/en-us/library/cc754841.aspx
I just don't know where to put the warrior1-cert.pem.
When I connect a VPN configured with http://kb.iweb.com/entries/22375983-Configuring-new-VPN-L2TP-IPSec-connections-in-Windows-7
it tells me:
"Error 766: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate."
I fiddled around a bit with the mmc, putting the warrior1-cert.pem into the "Private" collection of the machine, or let it choose the store "automatically" but I haven't had success.
What are the missing parts?
If I have done it, I have to do the same on XP..:-(
If someone has it working please let me know how.
Thank you Peter
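The three possibilities listed in the reply can be checked in one pass on the Windows client. The following PowerShell is an added example, not part of the original thread: it inspects every certificate in the computer's Personal store and reports whether it has a private key, whether it chains to a trusted root, and which Enhanced Key Usage OIDs it carries. The function name Test-MachineCertificate and the output file name warrior1.p12 are assumptions made for this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt.
# Uses only .NET 2.0 types, so it also works with PowerShell 2.0 on Windows 7.
$IkeIntermediate = '1.3.6.1.5.5.8.2.2'   # OID of "IP security IKE intermediate"

function Test-MachineCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Cause 3: collect the Enhanced Key Usage OIDs (empty if the extension is absent).
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Build the chain in machine context, so the imported cacert.pem must be in the
    # computer's Trusted Root store. Revocation checking is switched off on the
    # assumption that a self-generated CA publishes no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject            = $Cert.Subject
        Thumbprint         = $Cert.Thumbprint
        HasPrivateKey      = $Cert.HasPrivateKey          # Cause 2 when False
        ChainTrusted       = $trusted
        ChainStatus        = $status
        EkuOids            = $ekuOids -join ', '
        HasIkeIntermediate = $ekuOids -contains $IkeIntermediate
    }
}

# Cause 1: the computer's Personal store is the one "certutil -store My" lists.
$certs = @(Get-ChildItem Cert:\LocalMachine\My)
if ($certs.Count -eq 0) {
    Write-Warning 'No certificate in Cert:\LocalMachine\My (computer store is empty).'
}
$certs | ForEach-Object { Test-MachineCertificate $_ } |
    Format-List Subject, Thumbprint, HasPrivateKey, ChainTrusted, ChainStatus, EkuOids, HasIkeIntermediate

# If HasPrivateKey is False, package the key with the certificate and import that:
#   openssl pkcs12 -export -in warrior1-cert.pem -inkey warrior1-key.pem -certfile cacert.pem -out warrior1.p12
#   certutil -importPFX warrior1.p12
```

A .pem file holding only warrior1-cert.pem imports as a certificate without a key, so HasPrivateKey stays False until the PKCS #12 package is imported.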
participants (2)
- Petros
- Pidgorny, Slav (GEUS)