Netgate Discussion Forum

    (cryptoapicert?) RESOLVED

      atarione

      so.. despite having not much experience w/ VPNs (been running m0n0wall w/ a PPTP server /w radius authentication for about 1yr…. pretty dang easy to set up)

      I recently started messing w/ pfsense to try it out vs m0n0wall... I was kinda excited by the OpenVPN capabilities and wanted to have a go with securing my wifi over OpenVPN

      using the outbound NAT and push "redirect-gateway def1"; I now seem to have succeeded in getting OpenVPN up and running and routing everything over the VPN

      (along with pushing DNS and WINS to my win2k3 server... i have access to the LAN from the Wifi interface)

      I'm pretty happy w/ myself for getting this much working after messing w/ it for a "few" hours  :)

      BUT... there is something I can't for the life of me figure out

      cryptoapicert

      the documentation has been apparently not enough for my "limited" understanding of CAs / keys... the Windows CA store... to get this going

      I imported my client key to the "Local Computer / Personal" and my .ovpn client config looks like this

      float
      port 1194
      dev tun
      dev-node monkeybase
      proto tcp-client
      remote XXXX.com 1194
      ping 10
      persist-tun
      persist-key
      tls-client
      ca ca.crt
      cryptoapicert "THUMB:05 28 ......"
      #key client2.key
      ns-cert-type server
      comp-lzo
      pull
      verb 4
      

      but it gets an error message

      
      Sun Oct 21 17:13:07 2007 us=188717 Cannot load certificate "THUMB:05 28 ....." from Microsoft Certificate Store: error:C5066064:microsoft cryptoapi:CryptAcquireCertificatePrivateKey:Cannot find the certificate and private key for decryption.
      Sun Oct 21 17:13:07 2007 us=408817 Exiting
      

      sooo... I'm apparently doing something wrong w/ importing the ca to the windows store... can anyone expand on this process as it is pretty "vague" in the documentation... (maybe they "rightfully" expect u to have more of an idea what you are doing if you are trying this.... :)  but I don't so .... if someone could possibly help me out that would be super and most appreciated.

      best regards and thank you for taking the time to read this.

      NEVER MIND FIGURED IT OUT

      I was apparently not aware I needed to use OpenSSL to make a PKCS12 file for the ca /key

      anyways in case anyone else is searching later and confused about the cryptoapicert thing

      http://www.informit.com/articles/article.aspx?p=387173&seqNum=9&rl=1

      is the article that got me going.

      Best Regards
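
The fix described in the post, sketched as an added example that is not part of atarione's post or the linked article: bundle the client certificate and key into a PKCS#12 file, import it, confirm the store entry really has a private key attached, and print the `cryptoapicert` line. Assumptions: `client2.crt` and `client2.p12` are made-up file names (only `client2.key` and `ca.crt` appear in the post), `openssl` is on the PATH, and the prompt is elevated because the post uses the Local Computer store.

```powershell
# Added example. Assumed names: client2.crt (client certificate) and
# client2.p12 (output bundle). client2.key comes from the post's config.
$Store   = 'Cert:\LocalMachine\My'   # "Local Computer / Personal"; needs an elevated prompt
$P12Path = '.\client2.p12'

# 0. Diagnose the current state: an entry imported from a bare .crt file shows
#    HasPrivateKey = False, and CryptAcquireCertificatePrivateKey cannot use it.
Get-ChildItem $Store |
    Select-Object Subject, Thumbprint, HasPrivateKey |
    Format-Table -AutoSize

# 1. Bundle certificate and private key into one PKCS#12 file.
#    openssl prompts for an export password that protects the bundle.
& openssl pkcs12 -export -in client2.crt -inkey client2.key -out $P12Path
if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 export failed' }

# 2. Import the bundle. The key is not marked exportable (no -Exportable),
#    so it cannot simply be copied back out of the store later.
$pw   = Read-Host -AsSecureString 'PKCS#12 export password'
$cert = Import-PfxCertificate -FilePath $P12Path -CertStoreLocation $Store -Password $pw |
        Where-Object HasPrivateKey |
        Select-Object -First 1
if (-not $cert) { throw 'Import produced no certificate with a private key' }

# 3. Re-read the entry from the store and verify the key is attached.
$entry = Get-Item "$Store\$($cert.Thumbprint)"
if (-not $entry.HasPrivateKey) {
    throw "Certificate $($entry.Thumbprint) is in the store without its private key"
}

# 4. Emit the config line in the space-separated form used in the post.
$spaced = $entry.Thumbprint -replace '(..)(?!$)', '$1 '
"cryptoapicert `"THUMB:$spaced`""

# 5. The .p12 and client2.key still hold the private key on disk.
#    Remove them, or move them to offline storage, once the tunnel works.
Write-Warning "Private key material remains in $P12Path and client2.key"
```

Keep `ca ca.crt` in the .ovpn file and leave the `key` line commented out, as in the config above; `cryptoapicert` supplies both the client certificate and its key from the store.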

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.