11-03-2011 09:08 AM
I'm currently trying to setup a vpn connection on my Defy+, that is supplied with the QuickSec IPSec VPN client. As I can read in the Documentation "Authentic VPN Client Guide 12/2/10", this IPSec Client should be able to make a connection to our IKEv2 Gateway.
We are using x509 certificates to authenticate against the IPSec Gateway. So the first step I had to do, is to prepare my PKCS12 user certificate to make it in the right form, and save it to the smart-phone.
After copying the end-user/CA- DER/BER-encoded certificate and the PKCS#8 formatted private key to the vpn/certificate directory on the smartphone, I started to configure the connection on the smartphone with the vpn-gui, I choose the "extended IPsec-VPN", then I got a "certificate error" with the message "the certificate user.crt is invalid and can not be read". Needless to say, I can not setup a vpn-connection, because there is no user-certificate to choose in the gui. The interesting thing, I can choose the CA-Certificate, that I also copied together with the user certificate to the "certificate"-location on the smart-phone. So, something went wrong with the user-certificate, may someone can give me a hint about that. Are there any constraints about the user-certificate, Where can I get further documentation. Any help would be helpful.
Motorola Defy+ (MB526) Android 2.3.4
IPSec Gateway strongSwan
01-23-2012 01:04 PM
Try the following:
Make sure that both the private key and certificate have the same name but have different file types. See the example below using the name "ssg5" for both the private key and certificate:
The certificate is named ssg5.pkcs8 and the key is named ssg5.crt.
Both of these files need to be copied to the phone's sdcard\vpn\templates
This should resolve your issue.
02-09-2012 01:23 AM
Thanks for your answer. Both, the certificate and the key, have the same name:
the certificate wipe.crt and the key wipe.pkcs8
wipe.crt is DER-encoded
wipe.pkcs8 is PKCS#8 format key
and i put the files to sdcard\vpn\certificates
when i try to setup a vpn-connection with the gui: wireless\vpn-settings\extended-ipsec-vpn
i got the error message "The certificate wipe.crt is invalid and can not be read"
However the certificate wipe.crt is exported from Windows and seems to be ok ...