Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1342
Views
0
Helpful
1
Replies

Could not load private key for certificate

by.soo
Level 1
Level 1

‎08-27-2004 01:01 AM

I am new learning how to setup MS certificate authenticaion for VPN 3000 Concentrator clients. MS Cert runs on a Windows 2000 Active Directory with 1-way trust with NT 4 domain controller (this is where all domain users are stored). The certificate is valid. But, I can only logon successfully when I dialup from the same machine and after I have logged to the NT domain first. Otherwise, I will receive "unable to contact security gateway". Following are further informations that I have captured. Any ideas please??? thanks muchly.

Log from VPN Client

41 18:43:22.115 08/27/04 Sev=Info/4 CERT/0x63600015

Could not load private key for certificate cn=XXXX,ou=XXX,o=Company Name,l=Suburb Name,st=State name,c=AU,e=username@xyz.com.au from store Microsoft User Certificate.

42 18:43:22.115 08/27/04 Sev=Warning/2 IKE/0xE3000007

Unable to open certificate (cn=XXXX,ou=XXX,o=Company Name,l=Suburb Name,st=Sate name,c=AU,e=username@xyz.com.au).

If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.

Log from VPN Concentrator 3000

1 08/27/2004 19:41:14.440 SEV=5 IP/49 RPT=18

Headend transmitting TCP SYN-ACK pkt to client 203.61.92.39, TCP dest port 1906

Labels:
0 Helpful
1 Reply 1

wong34539
Level 6
Level 6

‎09-13-2004 06:03 AM

Cheeck the bug - CSCee42836. This describes a similar problem.

0 Helpful
Customers Also Viewed These Support Documents