What's the output of "certutil.exe -store My"?
There are a few possibilities: 1) the certificate is missing from the
computer store; 2) it doesn't have a private key in the store (need to
generate a PKCS #12/PFX package and import it into the store); 3) the
certificate is missing necessary attributes, such as an Enhanced Key Usage
of "IP security IKE Intermediate" (ref.
http://technet.microsoft.com/en-us/library/dd941612(v=WS.10).aspx and
http://carbonwind.net/blog/post/VPN-Reconnect-in-Windows-7-RC-redux.aspx).
HTH
Slav
-----Original Message-----
From: luv-talk-bounces(a)lists.luv.asn.au [mailto:luv-talk-bounces(a)lists.luv.asn.au] On Behalf Of Petros
Sent: Tuesday, 17 December 2013 10:20 AM
To: luv-talk(a)luv.asn.au
Subject: [luv-talk] IPSec "road warrior" configuration for a Windows 7 (and XP) client
Hi,
I am struggling to get IPSec access from a Windows 7 client.
On the server, I have
- a self-generated CA certificate cacert.pem and a private key cakey.pem
- a signed certificate warrior1-cert.pem and a private key warrior1-key.pem
I managed to import the cacert.pem as a new trusted root CA in Windows
7 using mmc and this:
http://technet.microsoft.com/en-us/library/cc754841.aspx
I just don't know where to put the warrior1-cert.pem.
When I connect a VPN configured with
http://kb.iweb.com/entries/22375983-Configuring-new-VPN-L2TP-IPSec-connections-in-Windows-7
it tells me:
"Error 766: A certificate could not be found. Connections that use the
L2TP protocol over IPSec require the installation of a machine certificate,
also known as a computer certificate."
I fiddled around a bit with the mmc, putting the warrior1-cert.pem
into the "Private" collection of the machine, or let it choose the store
"automatically" but I haven't had success.
What are the missing parts?
If I have done it, I have to do the same on XP..:-(
If someone has it working please let me know how.
Thank you
Peter
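
Added example, not part of either message above: a pre-flight check on the server-side PEM files that covers the reply's points 2 and 3, then builds the PKCS #12 package for the Windows computer store. The file names come from the thread; the function name `bundle_machine_cert`, the `PFX_PASS` variable and an unencrypted private key file are assumptions.

```shell
#!/bin/sh
# Added example: verify chain and key match, show the EKU, then build a
# PKCS #12 bundle. bundle_machine_cert and PFX_PASS are hypothetical names.
#
# Usage: PFX_PASS=... bundle_machine_cert CERT KEY CACERT OUT.p12
#   e.g. bundle_machine_cert warrior1-cert.pem warrior1-key.pem cacert.pem warrior1.p12
# Returns 0 on success, 1 chain failure, 2 key mismatch, 3 export failure.
bundle_machine_cert() {
    cert=$1; key=$2; ca=$3; out=$4

    # 1. The client certificate must chain to the CA that was imported
    #    as a trusted root on the Windows side.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $ca" >&2; return 1; }

    # 2. The private key must belong to the certificate: compare the
    #    public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not match $cert" >&2; return 2; }

    # 3. Print the Enhanced (Extended) Key Usage, if present, so it can be
    #    compared with what the VPN client expects. Absence is only a warning.
    if openssl x509 -in "$cert" -noout -text | grep -A1 'Extended Key Usage'; then :
    else echo "WARN: no Extended Key Usage extension in $cert" >&2; fi

    # 4. Bundle certificate, key and CA certificate. The password is read
    #    from the environment so it does not appear in the process list.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -certfile "$ca" \
        -name "$(basename "$out" .p12)" -out "$out" \
        -passout env:PFX_PASS || return 3
    chmod 600 "$out"
}

# On the Windows client, from an elevated prompt, the bundle is imported with
#   certutil -importPFX warrior1.p12
# and the result is checked with the command from the reply:
#   certutil -store My
```

Remove the .p12 file and its password from intermediate locations once the import has succeeded, since the bundle contains the private key.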