csd-post.sh "You are attempting to use a digital certificate not assigned to this device"
David Woodhouse
dwmw2 at infradead.org
Tue Jul 4 05:51:59 PDT 2023
On Fri, 2023-06-30 at 11:09 -0700, Daniel Lenski wrote:
> On Mon, Jun 26, 2023 at 4:56 AM Grant Williamson <traxtopel at gmail.com> wrote:
> > I'm encountering an issue with the csd-post.sh script. When attempting
> > to use it, I receive the error message: "You are attempting to use a
> > digital certificate not assigned to this device." I would appreciate
> > any insights on how to add support for when a server cross checks the
> > MAC address functionality in the script.
>
> > Helps if I just try using what is there. Sorry.
> > endpoint.device.MAC["FFFF.FFFF.FFFF"]="true";
>
> Glad you figured out, but… wow.
>
> "Digital certificate not assigned to this device" is a very
> misleading/unclear/irrelevant error message for "you didn't tell us
> your MAC address."
To be fair, we *did* tell it our MAC address. We just *lied* and told
it our MAC address was FF:FF:FF:FF:FF:FF. While using a certificate
assigned to some other device.
Using a MAC address as the host identifier isn't that unusual (although
it does have issues when you have multiple devices, and it's better to
use the system UUID from /etc/machine-id where it exists).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5965 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20230704/8217aa83/attachment.p7s>
More information about the openconnect-devel
mailing list