Firewall Wizards mailing list archives
CRL problem with VPN-1 4.1 and iPlanet CMS 4.2
From: Tamas FORJAN <tamas () 2fkft com>
Date: Tue, 04 Dec 2001 16:37:00 +0100
Dear Wizards,

we have run into serious problems with VPN-1 + iPlanet CMS 4.2. We would like to use the iPlanet CMS to issue user certificates to SecuRemote users, and have VPN-1 authenticate them from a Netscape Directory Server via LDAP. There seems to be some problem related to the CMS, though.

SecuRemote clients can log on to the network using IPSec and userid/password as the authentication scheme. Usernames and passwords can be taken from the LDAP server - so far so good. When we switch to using certificates, though, it does not work anymore. We see two errors:

1. In the firewall log, there is an IKE log entry saying: "Certificate xxx cannot be validated. No valid CRL." xxx is the name of the firewall module's certificate issued by the CMS.

2. At the SecuRemote client, when trying to add the site to SecuRemote, we get an error "Communication with server failed". This does not happen if we use password authentication instead of certificates.

(We exported the CA key and imported it into VPN-1, generated a certificate for the gw and certified it with the CA, and did all the steps that were documented to make CA+LDAP work.)

We feel there is some problem with the CRL processing, but cannot determine what. Does anyone have any ideas to help us?

Thank you,

--
FORJAN Tamas
Technical Support
2F 2000 Szamitastechnikai es Szolgaltato Kft.
http://www.2f.hu/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards