Reply To: Certificate passwords

Home Page Forums Network Management ZeroShell Certificate passwords Reply To: Certificate passwords

#45030

chemical
Member

I modified /etc/ssl/openssl.cnf and set input_password and output_password to something and tried to regen the certificates; still does not work.

Then I found a page on the web about certificates being used by the OS X client: http://www.jacco2.dds.nl/networking/openswan-macosx.html#Certs

Seems that OS X will not accept a server certificate in distinguished name format (which they appear to be generated as) without adding user_cert option subjectAltName=DNS:

Of course it’s not possible to do this as the changes made to openssl.cnf are wiped out after a reboot.

If I understand correctly (and I probably don’t), this makes zeroshell config incompatible with OS X clients as far as x.509 VPN access goes?