Comments on: Configuring an IPsec tunnel between Openswan and Windows 2000/XP with x509 http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/ All geek, most of the time Wed, 08 Feb 2012 15:03:29 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Simon Tang http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/comment-page-1/#comment-312396 Simon Tang Wed, 11 May 2011 01:53:43 +0000 http://www.natecarlson.com/?p=303#comment-312396 Hi,I encountered a problem using your method. the following is the problem: when I use the the following command: openssl pkcs12 -export -in winhost.example.com.pem -inkey winhost.example.com.key -certfile demoCA/cacert.pem -out winhost.example.com.p12, it said unable to load private key. How can I solve the problem? Please help me, Thank you very much! Hi,I encountered a problem using your method. the following is the problem:
when I use the the following command: openssl pkcs12 -export -in winhost.example.com.pem -inkey winhost.example.com.key -certfile demoCA/cacert.pem -out winhost.example.com.p12, it said unable to load private key.
How can I solve the problem? Please help me, Thank you very much!

]]> By: ocii http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/comment-page-1/#comment-312222 ocii Thu, 09 Dec 2010 13:59:32 +0000 http://www.natecarlson.com/?p=303#comment-312222 Hi, i had the same error what i did wrong: i renamed newreq.pem to host.example.com.key but when i renamed newkey.pem to host.example.com.key everything works fine thx for this great tutorial Hi, i had the same error

what i did wrong:

i renamed newreq.pem to host.example.com.key

but when i renamed newkey.pem to host.example.com.key

everything works fine

thx for this great tutorial

]]> By: Chap http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/comment-page-1/#comment-312175 Chap Fri, 22 Oct 2010 11:18:12 +0000 http://www.natecarlson.com/?p=303#comment-312175 Hi, i got the same Error as Gab. What can I do? Hi, i got the same Error as Gab. What can I do?

]]> By: Gab http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/comment-page-1/#comment-312105 Gab Tue, 31 Aug 2010 23:00:57 +0000 http://www.natecarlson.com/?p=303#comment-312105 I've followed all steps and something is wrong with: openssl pkcs12 -export -in winhost.example.com.pem -inkey winhost.example.com.key -certfile I got the message: " unable to load private key " seems that I have to use the file : demoCA/private/cakey.pem ? Thanks in advanced gab I’ve followed all steps and something is wrong with:

openssl pkcs12 -export -in winhost.example.com.pem -inkey winhost.example.com.key -certfile

I got the message: ” unable to load private key ”

seems that I have to use the file : demoCA/private/cakey.pem ?

Thanks in advanced
gab

]]> By: sean http://www.natecarlson.com/2007/07/30/configuring-an-ipsec-tunnel-between-openswan-and-windows-2000-xp/comment-page-1/#comment-312066 sean Fri, 20 Aug 2010 09:00:03 +0000 http://www.natecarlson.com/?p=303#comment-312066 just an aside, while doing this, i kept hitting this error during the last part of Step 4 under "setting up your certificate authority" # openssl ca -gencrl -out crl.pem Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: ./demoCA/crlnumber: No such file or directory error while loading CRL number 11493:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('./demoCA/crlnumber','r') 11493:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: googling it i found this https://lists.strongswan.org/pipermail/users/2006-February/001286.html I have had the same problem today. I resolved it by commenting out the following line in my /etc/ssl/openssl.cnf: crlnumber = $dir/crlnumber # the current crl number The line is followed by a comment, that makes me think this is okay: # must be commented out to leave a V1 CRL which worked for me too. just FYI for anybody else following this guide. just an aside, while doing this, i kept hitting this error during the last part of Step 4 under “setting up your certificate authority”
# openssl ca -gencrl -out crl.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
./demoCA/crlnumber: No such file or directory
error while loading CRL number
11493:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen(‘./demoCA/crlnumber’,'r’)
11493:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:

googling it i found this

https://lists.strongswan.org/pipermail/users/2006-February/001286.html

I have had the same problem today. I resolved it by commenting out the following line in my /etc/ssl/openssl.cnf:
crlnumber = $dir/crlnumber # the current crl number
The line is followed by a comment, that makes me think this is okay:
# must be commented out to leave a V1 CRL

which worked for me too. just FYI for anybody else following this guide.

]]>