VPN concentrator and certificates

koksm · ‎05-17-2004

Hello,

I'm in the middle of setting up a VPN concentrator to use certificates with IPsec. I am using the Microsoft CA, which seem to work fine.

I encountered two problems, maybe someone else saw this as well.

First of all, the concentrator 3030 with the latest software (4.1.4) looses the CA root certificate as well as the identity certificate when it reboots. Is this normal behaviour? I hope not!

And on the VPN software client i get an error message which says; "certificate could not be verified" when i try to log on with a certificate.

When requesting a certificate for the client there are a number of fields to fill in, and one of them asks for the IP address. This is DHCP assigned, so i couldn't fill that in. Could that be casusing the error message?

Obtaining certificates is not the problem. At least that part works ok.

Any help is appreciated!

Marcel

nikhil_m · ‎05-31-2004

Any update on this ?

koksm · ‎05-31-2004

Hi, well, maybe.

We put in for a TAC service request, and the attending engineer supects that the file system of the concentrator is corrupted. We should therefore format the flash, and try again with storing the certificates.

If this goes well, the problem with the client should be fixed as well. The TAC engineer thinks the problems are related.

I did not have a change to format the flash, because the concentrator is located on another site.

koksm · ‎05-31-2004

Forgot to ask; did you encounter the same problems?