Can't make certificate auth work

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Sep 18 02:29:33 PDT 2015


On Wed, Sep 16, 2015 at 5:20 PM, Dangyi Liu <leedypku at gmail.com> wrote:
> Hi,
> I have successfully made password authentication work with iOS AnyConnect and ocserv 0.10.8. But when I try to change to certificate authentication, it complains
> client certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.
> I followed every instruction in http://www.infradead.org/ocserv/manual.html. However, when I execute "certtool --to-p12", it prompts "Enter a name for the key: " which is not mentioned in the manual. Is it related to my problem? Or maybe I just have a wrong config?

The issue is in the client. You need to instruct the client that it
needs to trust the certificate. I guess there should be such an option
in its UI.

regards,
Nikos


