CAC modules

David Woodhouse dwmw2 at infradead.org
Thu Jul 12 16:16:56 EDT 2012


On Thu, 2012-07-12 at 16:09 -0400, Mcclelland, Michael B wrote:
> Just a quick update on my progress.  The patch did fix my issue
> presenting the certificate to the server; thanks again.  I'm now to
> find out why the ASA rejects my certificate when I connect with
> Openclient.

My first thought would be that the server doesn't have the full trust
chain back to its root. You can use tcpdump to capture the exchange
between you and the server:
	tcpdump -i eth0 -s 1500 host $VPNSERVER -w filename.cap

Replace 'eth0' with the name of the interface you're using for your
Internet connection. Perhaps it's 'wlan0' if you're on wireless.

If you send me (in private) the capture files which show OpenConnect and
the Cisco client connecting, we can compare the two.

-- 
dwmw2
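
One thing a side-by-side comparison of the two captures can show is which certificates each client sends in its TLS Certificate message. The sketch below is an added example, not part of the original message or of OpenConnect, and it lists those certificates from one direction of a reassembled stream. It assumes TLS 1.2 or earlier, where the Certificate message is sent in cleartext; all function names and sample bytes are hypothetical.

```python
# Added example, not from the original post. Assumes TLS 1.2 or earlier and one
# direction of the TCP stream already reassembled. Names are hypothetical.
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE = 22, 20, 11

def u24(buf, off):  # 3-byte big-endian length, failing cleanly when truncated
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")

def handshake_bytes(stream):  # join cleartext handshake record payloads
    out, off = b"", 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if ctype == CHANGE_CIPHER_SPEC:
            break  # records after this one are encrypted
        if off + 5 + length > len(stream):
            raise ValueError("truncated TLS record; check the snap length")
        if ctype == HANDSHAKE:
            out += stream[off + 5:off + 5 + length]  # a message may span records
        off += 5 + length
    return out

def certificate_chain(stream):  # DER blobs of the first Certificate message, or None
    hs, off = handshake_bytes(stream), 0
    while off + 4 <= len(hs):
        mtype, mlen = hs[off], u24(hs, off + 1)
        body = hs[off + 4:off + 4 + mlen]
        if len(body) < mlen:
            raise ValueError("truncated handshake message")
        if mtype == CERTIFICATE:
            certs, pos, end = [], 3, 3 + u24(body, 0)
            while pos < end:
                clen = u24(body, pos)
                certs.append(body[pos + 3:pos + 3 + clen])
                pos += 3 + clen
            return certs
        off += 4 + mlen
    return None

def sample_stream(certs, split):  # constructed: one Certificate message in two records
    lst = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(lst).to_bytes(3, "big") + lst
    msg = bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body
    return b"".join(struct.pack("!BHH", HANDSHAKE, 0x0301, len(p)) + p
                    for p in (msg[:split], msg[split:]))

LEAF, INTERMEDIATE = b"\x30" + b"L" * 40, b"\x30" + b"I" * 40  # constructed placeholders
```

An empty list means the client answered the request with no certificate, and `None` means no cleartext Certificate message was found. If the server asks for the client certificate during a renegotiation, that message is encrypted and will not be visible this way.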


More information about the openconnect-devel mailing list