CAC modules
Mcclelland, Michael B Mr CTR USN USA
michael.b.mcclelland at us.army.mil
Thu Jul 12 17:52:14 EDT 2012
Success! Pulling in certs was the last thing it needed. I'm up and running and the vpn connection is working great. Thank you all very much for your help, I couldn't have gotten this far without it.
R/S
MM
-----Original Message-----
From: David Woodhouse [mailto:dwmw2 at infradead.org]
Sent: Thursday, July 12, 2012 4:17 PM
To: Mcclelland, Michael B Mr CTR USN USA
Cc: openconnect-devel at lists.infradead.org
Subject: Re: CAC modules
On Thu, 2012-07-12 at 16:09 -0400, Mcclelland, Michael B wrote:
> Just a quick update on my progress. The patch did fix my issue
> presenting the certificate to the server; thanks again. I'm now to
> find out why the ASA rejects my certificate when I connect with
> Openclient.
My first thought would be that the server doesn't have the full trust
chain back to its root. You can use tcpdump to capture the exchange
between you and the server:
tcpdump -i eth0 -s 1500 host $VPNSERVER -w filename.cap
Replace 'eth0' with the name of the interface you're using for your
Internet connection. Perhaps it's 'wlan0' if you're on wireless.
If you send me (in private) the capture files which show OpenConnect and
the Cisco client connecting, we can compare the two.
--
dwmw2
More information about the openconnect-devel
mailing list