Hello,
I am having trouble installing a CA certificate on my Desire which I need to get access to my company's IPSec VPN.
I understand the proper way to do this is to pack user certificate, user key and CA certificate into a single PKCS12 file, put it on the SD card and use the built-in certificate installation tool to unpack and install the certificates.
I have my user cert and key packed into a single PEM file and the CA in a separate CRT file. I packed them to a single p12 file using the OpenSSL tool:
openssl.exe pkcs12 -export -in pem-certificate-and-key-file.pem -certfile cafile.crt -out pkcs12file.p12
However, when installing the p12 file on the Desire from the SD card, it only installs the user cert and key, ignoring the CA certificate. Thus, I can't set up an IPSec VPN.
I also tried putting the CA crt file on a web site and installing it using the browser, but the browser thinks is is a user certificate rather than a CA cert and installs it as such.
Is this a bug, or am I doing something wrong? Did anyone even manage to get this to work? Any suggestions would be much appreciated. I already mailed HTC support a few days ago, but didn't get an answer do far.
I am having trouble installing a CA certificate on my Desire which I need to get access to my company's IPSec VPN.
I understand the proper way to do this is to pack user certificate, user key and CA certificate into a single PKCS12 file, put it on the SD card and use the built-in certificate installation tool to unpack and install the certificates.
I have my user cert and key packed into a single PEM file and the CA in a separate CRT file. I packed them to a single p12 file using the OpenSSL tool:
openssl.exe pkcs12 -export -in pem-certificate-and-key-file.pem -certfile cafile.crt -out pkcs12file.p12
However, when installing the p12 file on the Desire from the SD card, it only installs the user cert and key, ignoring the CA certificate. Thus, I can't set up an IPSec VPN.
I also tried putting the CA crt file on a web site and installing it using the browser, but the browser thinks is is a user certificate rather than a CA cert and installs it as such.
Is this a bug, or am I doing something wrong? Did anyone even manage to get this to work? Any suggestions would be much appreciated. I already mailed HTC support a few days ago, but didn't get an answer do far.