I have two 1.4.8 boxes with net<->net vpn working correctly between them using pre-shared keys.
I also have roadwarrior vpn on a macintosh OSX laptop working correctly to both boxes with certificates and IPSecuritas ... thank you to:
I would like to move to certificates for the net<->net vpn, and I have followed the Draft VPN Documentation at:
I'm getting stuck on:
18.104.22.168.2 X.509 Certificates
Upload the first IPCop hostcert.pem files to the secondary IPCop. Then upload the secondary IPCop hostcert.pem files to the first IPCop.
I'm confused by the plural "files", and in addition getting an error. Each IPCop has a hostcert.pem file and a cacert.pem file. The hostcert.pem files work fine for the host<->net connections. I did not need to use the cacert.pem files for those.
I have tried uploading both hostcert.pem and cacert.pem (when the former did not work) saved from the "left" box to the "right" box, and vice versa. On all four "save" attempts I get a red outlined screen with the error:
"Certificate does not have a valid CA associated with it"
In generating the root/host certificates for the left and right boxes, I was prompted to enter "CA or email address", so I entered my email address. Clicking the "info" icon on the root and host certificates of both boxes, all four show:
Searching this forum revealed a couple posts with a similar issue, but I could not find a post with a resolution. As always, any guidance, help, or "look here" would be greatly appreciated.