On Wed, 2011-01-12 at 11:10 +0100, Guillaume Rousse wrote:
>
> Here is my client command line:
> ~/.juniper_networks/network_connect/ncsvc \
>     -h beria.zarb.home \
>     -u rousse \
>     -r smi \
>     -f /etc/pki/tls/certs/localhost.crt

There's no -m option here. If you look in
~/.juniper_networks/network_connect/ncsvc.log you'll probably see a line
like:

20101228160000.207947 ncsvc[p21179.t21179] dsssl.error ive_cert_hash = 6f13afc3c6815ab480b2ddc27406ba4b, computed_hash = ecb77116a55194c4dfba8e9aa0cc862e (DSSSLSock.cpp:761)

It doesn't like the self-signed cert on your "server". For the above
example log line, you want to add '-m ecb77116a55194c4dfba8e9aa0cc862e'
to your ncsvc invocation. Obviously, yours will differ from mine.

You *may* need to use the -m option with a dummy argument just to make
it give this log line; I'm not sure.

-- 
dwmw2
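Added example (not part of the original message, and not code from ncsvc or its vendor): a POSIX shell helper that pulls the most recent computed_hash out of ncsvc.log so it can be passed to -m. The log layout is assumed from the single dsssl.error line quoted in the reply; the function name and the second sample line are constructed.

```shell
#!/bin/sh
# Added example: extract the value for ncsvc's -m option from its log.
# Assumption: dsssl.error lines look like the one quoted in the message.

# Print the computed_hash from the last dsssl.error line in file $1.
# Returns 1 when no such line exists or the value is not 32 hex digits.
last_computed_hash() {
    hash=$(sed -n \
        '/dsssl\.error/s/.*computed_hash = \([0-9A-Fa-f]*\).*/\1/p' \
        "$1" | tail -n 1)
    # The capture group only admits hex digits, so a length check is
    # enough to reject truncated or missing values.
    [ "${#hash}" -eq 32 ] || return 1
    printf '%s\n' "$hash"
}

# Demo on a sample log: the first line is the one from the message,
# the second is a constructed filler line that must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
20101228160000.207947 ncsvc[p21179.t21179] dsssl.error ive_cert_hash = 6f13afc3c6815ab480b2ddc27406ba4b, computed_hash = ecb77116a55194c4dfba8e9aa0cc862e (DSSSLSock.cpp:761)
20101228160001.000000 ncsvc[p21179.t21179] constructed.info filler line (Example.cpp:1)
EOF

if h=$(last_computed_hash "$sample"); then
    echo "append to the ncsvc command line: -m $h"
else
    echo "no usable computed_hash found in $sample" >&2
fi
rm -f "$sample"
```

Against a real log, call `last_computed_hash ~/.juniper_networks/network_connect/ncsvc.log`. A hash copied from the log reflects whatever certificate the server presented on that connection, so compare it with the certificate you expect before relying on it.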