Is it working at all?

Post by shylion » 06 May 2019, 11:42

Tried to set up the Windows client; it shows "Error 0x80090308: The token supplied to the function is invalid".

Next I tried to use openssl to check the server certificate:

Code:

# openssl s_client -showcerts -connect localhost:443
CONNECTED(00000003)
139672310948288:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1557142451
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Is that the correct output?

Config (sstp part; l2tp and pptp are working):

Code:

[sstp]
verbose=1
ssl-ca-file=/etc/ssl/sstp-ca.crt
ssl-pemfile=/etc/ssl/sstp-cert.pem
ssl-keyfile=/etc/ssl/sstp-key.pem

Certs:
sstp-ca.crt:

Code:

# openssl x509 -noout -text -certopt no_pubkey,no_sigdump -in /etc/ssl/sstp-ca.crt 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b7:99:4b:09:86:76:11:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
        Validity
            Not Before: Dec 13 12:45:44 2018 GMT
            Not After : Nov 30 12:45:44 2068 GMT
        Subject: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                93:DF:37:9A:5B:CE:99:C7:05:F5:40:9D:6B:DA:12:17:31:E3:56:E4
            X509v3 Authority Key Identifier: 
                keyid:93:DF:37:9A:5B:CE:99:C7:05:F5:40:9D:6B:DA:12:17:31:E3:56:E4

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign

sstp-cert.pem:

Code:

# openssl x509 -noout -text -certopt no_pubkey,no_sigdump -in /etc/ssl/sstp-cert.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            94:a6:5f:ee:66:6f:a1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = devCA root
        Validity
            Not Before: May  6 10:58:44 2019 GMT
            Not After : Apr 15 10:58:44 2040 GMT
        Subject: C = RU, ST = Russia, L = Tyumen, O = MyOrg, OU = IT, CN = dm-gw
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                IP Address:185.x.x.x, DNS:dm-gw, DNS:vpn.changed.ru
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
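
Added example, not part of the original post: the s_client error above is raised while OpenSSL parses the 5-byte TLS record header, and this Python sketch decodes such a header to tell a TLS reply from a non-TLS one. The function name and the sample byte strings are constructed for illustration; what the server in the post actually sent is not shown on the page.

```python
import struct

# TLS record content types (RFC 5246, RFC 8446)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # largest TLS 1.2 ciphertext fragment


def classify_first_bytes(data: bytes) -> dict:
    """Interpret the first 5 bytes received from a server as a TLS record header."""
    if len(data) < 5:
        return {"tls": False, "reason": f"only {len(data)} bytes received"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3:
        # Every SSLv3/TLS record carries major version 3; OpenSSL typically
        # reports a mismatch at this point as "wrong version number".
        printable = all(32 <= b < 127 for b in data[:5])
        hint = ("printable ASCII, likely a plaintext protocol" if printable
                else "binary data from a non-TLS protocol")
        return {"tls": False, "hint": hint,
                "reason": f"major version byte 0x{major:02x}, expected 0x03"}
    if ctype not in CONTENT_TYPES:
        return {"tls": False, "reason": f"unknown content type {ctype}"}
    if length > MAX_FRAGMENT:
        return {"tls": False, "reason": f"record length {length} too large"}
    return {"tls": True, "type": CONTENT_TYPES[ctype],
            "version": f"3.{minor}", "length": length}


if __name__ == "__main__":
    # Constructed sample inputs, not captured from the server in the post.
    samples = {
        "TLS 1.2 handshake record": b"\x16\x03\x03\x00\x4a",
        "TLS alert record": b"\x15\x03\x03\x00\x02",
        "plaintext HTTP reply": b"HTTP/",
        "binary non-TLS reply": b"\x00\x00\x00\x10\x01",
    }
    for name, raw in samples.items():
        print(f"{name:26} {raw.hex()}  {classify_first_bytes(raw)}")
```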
