[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

RE: [fw1-gurus] IKE: Main Mode Sent Notification to Peer: invalidcertificate

Subject: RE: [fw1-gurus] IKE: Main Mode Sent Notification to Peer: invalidcertificate
From: "Jacobsson, Jacob" <jacob.jacobsson@xxxxxx>
To: <juan.concepcion@xxxxxxxxxxx>
Cc: <fw1-gurus@xxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Dec 2004 09:40:14 +0100

The expirationdate on the certificate is '5 Dec 2023' so it should work for atleast 18 more years :)
The tunnel was originally setup for about a year ago, and is using the original certificate.

Many thanks for all support!
Merry Xmas and Happy New Year!
//Jacob

> -----Original Message-----
> From: Juan Concepcion [mailto:juan.concepcion@xxxxxxxxxxx]
> Sent: den 27 december 2004 14:49
> To: Jacobsson, Jacob
> Cc: fw1-gurus@xxxxxxxxxxxxxxxxxx
> Subject: Re: [fw1-gurus] IKE: Main Mode Sent Notification to Peer:
> invalidcertificate
> 
> 
> What is the expiration date on the certificate that was 
> originally being 
> used?
> 
> Juan
> 
> Jacobsson, Jacob wrote:
> > Hello all,
> > 
> > We got a really strange thing that happend.
> > Without any change in environment the night between 16 and 
> 17 dec. One of our VPN tunnels just dropped with the 
> following error messages:
> > IKE key install: "IKE: Main Mode Sent Notification to Peer: 
> invalid certificate"
> > reject: "IKE: Main Mode No valid CRL CN=foo-bar VPN 
> Certificate,O=foo-bar..."
> > drop: "encryption fail reason: Packet is dropped because 
> there is no valid SA - please refer to solution sk19423 in 
> SecureKnowlege Database for more information."
> > We have checked that the time is syncronized between the 
> nodes, and that there are the correct certificates, they 
> should be valid until Dec. 2023.
> > As a workaround we have enabled "shared secret" and then 
> the VPN then work with no problem, but we would like to 
> enable the use of certificates for authentication.
> > Does anyone have any idea what could have caused this?
> > 
> > Thanks in advanced!
> > BR.
> > //Jacob
> > 
> > -------------------------------------------------------------
> > 
> > Jacob Jacobson
> > GDIS EMEA SDO Network
> > 
> > Hewlett Packard Sverige AB
> > HP Services
> > SE-125 44 Stockholm
> > Visiting address: 230 Gotalandsvagen, Stockholm
> > 
> > Phone: +46 (0)8 524 94537
> > Email:  jacob.jacobsson@xxxxxx
> > Web:   <http://www.hp.se/>
> > -------------------------------------------------------------
> > 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
> > To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
> > For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx
> > 
> > 
> 

---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx

Prev by Date: Re: [fw1-gurus] SIP Dropped
Next by Date: RE: [fw1-gurus] Assign a fix IP address for SecureClient inOfficeMode?
Previous by thread: [fw1-gurus] problem with web visualization tools.
Next by thread: RE: [fw1-gurus] IKE: Main Mode Sent Notification to Peer: invalidcertificate
Index(es):
- Date
- Thread