Re: non-routine Notify message: Invalid certificate

thibaus · ‎10-25-2004

I am doing client to VPN 3030 and since I changed certificate authority I get this sequence on events and I just don't get it:

3238 10/25/2004 15:08:53.330 SEV=5 IKE/79 RPT=1 1.1.1.1

Group [xxxxxx]

Validation of certificate successful

(CN=yyyyyyyyyyy, SN=wwwwwwwwwwwww)

3240 10/25/2004 15:08:53.330 SEV=7 IKEDBG/0 RPT=14 1.1.1.1

Group [xxxxxx]

peer ID type 9 received (DER_ASN1_DN)

3241 10/25/2004 15:08:53.330 SEV=9 IKEDBG/1 RPT=5 1.1.1.1

Group [xxxxxx]

constructing ID

3242 10/25/2004 15:08:53.330 SEV=9 IKEDBG/0 RPT=15 1.1.1.1

Group [xxxxxx]

constructing cert payload

3243 10/25/2004 15:08:53.330 SEV=9 IKEDBG/1 RPT=6 1.1.1.1

Group [xxxxxx]

constructing RSA signature

3244 10/25/2004 15:08:53.330 SEV=9 IKEDBG/0 RPT=16 1.1.1.1

Group [xxxxxx]

computing hash

3245 10/25/2004 15:08:53.380 SEV=8 IKEDBG/81 RPT=13 1.1.1.1

SENDING Message (msgid=0) with payloads :

HDR + ID (5) + CERT (6)

total length : 2493

3247 10/25/2004 15:08:53.650 SEV=8 IKEDBG/81 RPT=14 1.1.1.1

RECEIVED Message (msgid=e3f0dd6e) with payloads :

HDR + HASH (8) + NOTIFY (11) + NONE (0)

total length : 1386

3249 10/25/2004 15:08:53.650 SEV=9 IKEDBG/0 RPT=17 1.1.1.1

Group [xxxxxx]

processing hash

3250 10/25/2004 15:08:53.650 SEV=9 IKEDBG/0 RPT=18 1.1.1.1

Group [xxxxxx]

Processing Notify payload

3251 10/25/2004 15:08:53.650 SEV=5 IKE/68 RPT=1 1.1.1.1

Group [xxxxxx]

Received non-routine Notify message: Invalid certificate (20)

Thanks for the help

smalkeric · ‎10-29-2004

The rejection is on the remote end of the device. Check on the client why it is rejecting the Concentrators certificate.