Re: VPN 3000 - Microsoft CA - Certificates issues

georgegrispos · ‎08-03-2007

Hi!

I try to set up a remote access vpn using certificate authentication. We have a vpn3030 (4.7.2.L) on the central site and windows xp laptops with vpn client (4.8.02.0010). We also have a Microsoft CA structure with a root and a sub CA. Both laptop and concentrator enroll to the sub CA (scep) and get their identity certificates ok. When the laptop tries to connect and after the concentrator validates the laptop certificate ok:

1376 07/17/2007 10:58:55.360 SEV=5 IKE/79 RPT=35 xxx.xxx.xxx.xxx

Group [GROUPNAME]

Validation of certificate successful

(CN=LAPTOPCERTIFICATE, SN=4476558D000000000006)

it closes the communication with the following error message:

1394 07/17/2007 10:58:56.470 SEV=5 IKE/68 RPT=19 xxx.xxx.xxx.xxx

Group [GROUPNAME]

Received non-routine Notify message: Invalid certificate (20)

What do you think?

carenas123 · ‎08-10-2007

Digital signatures, based on public key cryptography, digitally authenticate devices and individual users. In public key cryptography, each device or user has a key pair containing both a private key and a public key. Digital certificates link the digital signature to the remote device. A digital certificate contains information to identify a user or device, such as the name, serial number, company, department, or IP address. It also contains a copy of the entity's public key. The certificate is itself signed by a certificate authority (CA), a third party that is explicitly trusted by the receiver to validate identities and to create digital certificates