个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
24
4
我现在正在努力为 Windows 7 创建 CA 证书以连接到 strongSwan。
问题是,无论我尝试多少标志,Windows 都不会使用它。我在 Trusted Root Certification Authorities 组中有 20 个证书。默认情况下这些都在那里。当我安装我的时,总共有 21 个。在连接尝试中,Windows 将尝试默认的 20,甚至是过时的,但不是我的。
形成StrongSwan wiki ,这是所需的日志输出:
May 12 05:49:56 koala charon: 13[ENC] unknown attribute type INTERNAL_IP4_SERVER
May 12 05:49:56 koala charon: 13[ENC] unknown attribute type INTERNAL_IP6_SERVER
May 12 05:49:56 koala charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP SA TSi TSr ]
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
May 12 05:49:56 koala charon: 13[IKE] received cert request for "C=CH, O=strongSwan Project, CN=strongSwan 2009 CA"
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 59:79:12:de:61:75:d6:6f:c4:23:b7:77:13:74:c7:96:de:6f:88:72
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 55:e4:81:d1:11:80:be:d8:89:b9:08:a3:31:f9:a1:24:09:16:b9:70
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
May 12 05:49:56 koala charon: 13[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
May 12 05:49:56 koala charon: 13[CFG] looking for peer configs matching 10.10.0.1[%any]...10.10.0.6[10.10.0.6]
我得到的是这样的:
11[ENC] unknown attribute type INTERNAL_IP4_SERVER
11[ENC] unknown attribute type INTERNAL_IP6_SERVER
11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
11[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
11[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
11[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
11[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
11[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
11[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
11[IKE] received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8
11[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
11[IKE] received cert request for unknown ca with keyid 48:e6:68:f9:2b:d2:b2:95:d7:47:d8:23:20:10:4f:33:98:90:9f:d4
11[IKE] received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
11[IKE] received cert request for unknown ca with keyid f0:17:62:13:55:3d:b3:ff:0a:00:6b:fb:50:84:97:f3:ed:62:d0:1a
11[IKE] received cert request for unknown ca with keyid 1a:21:b4:95:2b:62:93:ce:18:b3:65:ec:9c:0e:93:4c:b3:81:e6:d4
11[IKE] received cert request for unknown ca with keyid 59:79:12:de:61:75:d6:6f:c4:23:b7:77:13:74:c7:96:de:6f:88:72
11[IKE] received cert request for unknown ca with keyid 1a:21:b4:95:2b:62:93:ce:18:b3:65:ec:9c:0e:93:4c:b3:81:e6:d4
11[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
11[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
11[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
11[IKE] received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
11[IKE] received cert request for unknown ca with keyid ee:e5:9f:1e:2a:a5:44:c3:cb:25:43:a6:9a:5b:d4:6a:25:bc:bb:8e
11[IKE] received cert request for unknown ca with keyid 4f:9c:7d:21:79:9c:ad:0e:d8:b9:0c:57:9f:1a:02:99:e7:90:f3:87
11[CFG] looking for peer configs matching 192.168.0.204[%any]...192.168.0.201[192.168.0.201]
... 我的应该是 cc a6 77 ce 07 ca 9c e5 e1 79 c1 2f 52 0d 60 41 c0 fc 2c 02 但没有试过。
我添加了其他证书(以及更多)中包含的所有额外信息:
[ all_opts ]
keyUsage = digitalSignature, keyEncipherment, nonRepudiation, dataEncipherment, keyAgreement, keyCertSign, cRLSign
extendedKeyUsage = 1.3.6.1.5.5.8.2.2,1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.3, 1.3.6.1.5.5.7.3.4, 1.3.
6.1.5.5.7.3.5, 1.3.6.1.5.5.7.3.6, 1.3.6.1.5.5.7.3.7, 1.3.6.1.5.5.7.3.8, 1.3.6.1.5.5.7.3.17
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
nsCertType=sslCA, emailCA, objCA
crlDistributionPoints=URI:http://myhost.com/myca.crl
...但到目前为止还没有成功。
这是许多失败的 TEST 证书之一的 openssl x509 -text 输出。我确实将它与一个有效的匹配,包括了每个选项(甚至是看似无关紧要的选项,如 CRL),但到目前为止还没有成功。
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ed:47:46:38:44:e7:ef:40
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=AU, ST=Some-State, O=TEST, CN=TEST CA
Validity
Not Before: Jun 17 10:18:16 2011 GMT
Not After : Jun 16 10:18:16 2015 GMT
Subject: C=AU, ST=Some-State, O=TEST, CN=TEST CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bf:85:90:c3:2c:30:da:8d:02:c0:6c:11:39:bc:
f4:d7:31:db:a2:bc:04:b6:c2:a4:92:ce:c1:4a:c7:
f9:43:57:6e:bc:c8:30:ee:17:45:46:57:95:37:bb:
7c:06:60:7b:20:a8:60:09:b8:1d:37:7f:26:dc:b2:
db:47:c4:91:91:8c:81:7a:b9:72:ec:0b:c6:90:50:
66:56:d1:05:a2:a0:99:66:ee:57:31:95:7c:04:a2:
4f:48:1f:89:c0:09:5b:cf:3f:09:4c:06:a8:36:99:
0e:c6:b1:27:d9:20:11:c5:fc:ec:cb:20:41:a7:8f:
d5:2a:58:2b:5c:36:f9:03:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
1.3.6.1.5.5.8.2.2, TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, IPSec End System, IPSec Tunnel, IPSec User, Time Stamping, 1.3.6.1.5.5.7.3.17
X509v3 Subject Key Identifier:
CC:A6:77:CE:07:CA:9C:E5:E1:79:C1:2F:52:0D:60:41:C0:FC:2C:02
X509v3 Authority Key Identifier:
keyid:CC:A6:77:CE:07:CA:9C:E5:E1:79:C1:2F:52:0D:60:41:C0:FC:2C:02
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
X509v3 CRL Distribution Points:
URI:http://myhost.com/myca.crl
Signature Algorithm: sha1WithRSAEncryption
69:11:dc:65:4d:f2:af:50:6f:58:56:67:97:fd:26:c4:a4:93:
0e:59:c3:bf:0f:ae:d5:58:9e:33:e3:21:11:7d:8a:fd:dd:10:
11:6e:b3:69:b8:39:28:d4:c9:a4:8f:01:94:d6:96:92:0a:bd:
0d:13:eb:29:5c:d0:7c:7c:12:09:f0:db:c0:fd:7a:4b:33:5d:
d6:68:36:51:a3:8b:b9:92:90:52:ea:7d:13:f6:4e:83:d3:60:
22:c1:c1:b0:9b:f2:72:2c:d1:f7:ae:3c:b0:7c:17:7b:66:a0:
ff:3a:50:ee:56:e4:bc:35:16:fb:65:41:78:1d:32:2d:7f:51:
2b:ce
-----BEGIN CERTIFICATE-----
. . .
我在 Windows 端得到的是:
Error 13801: IKE authentication credentials are unacceptable.
最佳答案
尝试将它们添加到您的计算机的证书存储区而不是您的用户的证书存储区,然后它将起作用。
关于windows-7 - 为 Windows 7 的 IPSec 客户端创建 CA,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6384489/
24
4
0
我想在一些计算机之间建立点对点连接,这样用户就可以在没有外部服务器的情况下聊天和交换文件。我的第一个想法如下: 我在服务器上创建了一个中央 ServerSocket,所有应用程序都可以连接到该服务器。
我正在 Unity 中构建多人游戏。为此,我必须将一些值从客户端发送到两个或多个通过服务器连接的客户端。我想将其构建为服务器真实游戏。客户端将使用 Android,他们的数据将通过服务器同步(可能是一
练习 C 网络编程:我正在编写一个简单的 TCP 客户端-服务器应用程序,它应该将消息(在每个客户端的单独线程中)作为字符串从服务器发送到客户端并在客户端(稍后将成为控制台商店应用程序)。我首先发送消
我使用证书身份验证设置了 AWS Client VPN。我正在为客户端-客户端访问系统进行设置,基本上如 this AWS scenario/example 中所述.一切正常,如果我知道他们的 IP
我正在开发一个小型客户端1/客户端2、服务器(线程)TCP 游戏。在尝试处理延迟问题时,我意识到我的 transmitState() 中存在缺陷。它强制将不必要的信息传递到通讯流中,从而造成迟缓,将汽
来自文档:Configurable token lifetimes in Azure Active Directory (Public Preview) 它提到“ secret 客户端”,刷新 tok
Apollo 客户端开发工具无法连接到我的应用程序。我已在 ApolloClient 构造函数中将 connectToDevTools 传递为 true,但没有任何 react 。我也试过this p
我想在 Pod 内使用 Fabric8 kubernetes 客户端 (java)。如何获取部署集群的 kubernetes 客户端? 我可以使用该集群的 kubeconfig 文件获取任何集群的配置
我正在阅读 the security issue with Log4j我了解此产品受此漏洞影响。但是 Oracle 客户端 11.2 和 12 是否受此问题影响? 我找不到这些产品是否使用任何 Log
Eureka 服务器设置 pom.xml 1.8 Hoxton.SR1 org.springframework.cloud spring
我有一个点对点(客户端/服务器)设置(通过本地 LAN),它使用 Netty,一个 Java 网络框架。我使用原始 TCP/IP(例如,没有 HTTP)进行通信和传输。现在,根据要求,我们希望转向 T
上一篇已经实现了ModbusTcp服务器和8个主要的功能码,只是还没有实现错误处理功能。 但是在测试客户端时却发现了上一篇的一个错误,那就是写数据成功,服务器不需要响应。 接下来要做的就是实现Modb
有没有办法将二维十六进制代码数组转换为 png 图像? 数组看起来像这样(只是更大) [ [ '#FF0000', '#00FF00' ], [ '#0000FF'
我是套接字编程的新手。每次我运行客户端程序时,它都会说“无法连接到服务器”。谁能告诉我我在哪里犯了错误。任何帮助将不胜感激。 这是client.c #include #include #inclu
我们在UNIX环境下制作了简单的client.c和server.c程序。我们使用它来传输一个简单的文本文件,首先打开它,然后读取它并使用 open、read 和 send 系统调用发送;在客户端,我接
当我的程序来自 my previous question正在响应客户端,它应该发送加密消息。 当客户端连接时,它会发送一条类似“YourMessage”的消息。现在我想做的是,当客户端连接时,应该以某
我正在使用 C 和 putty 编写客户端/服务器程序。两个 c 文件位于同一系统上。 我目前在向客户端写回其正在使用的框架以及打印我的框架时遇到问题。它打印出 3 0 9 8,但随后开始打印 134
我正在使用 C 中的 select() 制作一个模拟快餐或其他任何东西的客户端服务器。 我有客户随机点 1-5 种“食物”。服务器每 30 秒决定一次。所有客户最喜欢的食物是什么?他为那些客户提供服务
对于单机游戏,基本的游戏循环是(来源:维基百科) while( user doesn't exit ) check for user input run AI move enemies
1、CentOS安装TortoiseSVN 复制代码 代码如下: yum install -y subversion 2、SVN客户端命令
我是一名优秀的程序员,十分优秀!