> I suspect that openconnect does not like PKCS #12 in PEM format. It does > however like DER format. Easy solution is to change the certtool example > in > ocserv(8) to include the --outder switch. Real solution would be enabling > openconnect to accept both PEM and DER format. Implementation of the > latter is > out of my league. It shouldn't be hard to fix that in OpenConnect. It's just that I've never actually seen a PKCS#12 file in PEM format. -- dwmw2
