Certificate auth issue in 0.2.2
Karl
weeker at outlook.com
Sat Dec 7 14:53:57 EST 2013
Yes, sure, ca-cert set, log shows "[main] processed 1 CA
certificate(s)", and the cert-user-oid set to use CN too, but no luck.
On Sun, Dec 8, 2013 at 3:45 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sun, 2013-12-08 at 01:59 +0800, Karl wrote:
>> Hi,
>>
>> In my config, it has:
>>
>> auth = "certificate" auth = "plain[/opt/ocserv/passwd]"
>>
>> but AnyConnect client failed to connect, debug log shows:
>>
>> "No certificate was found."
>>
>> add "always-require-cert=false", it goes further, but still has error
>> like:
>>
>> "error verifying client certificate." Did I miss something or buggy in
>> 0.2.2?
>
> You'll need to set the authority that signed the client certificate
> with the ca-cert option. Otherwise ocserv doesn't know how which
> certificates are valid.
>
> regards,
> Nikos
>
>
More information about the openconnect-devel
mailing list