Hi David,

Thanks for the explanation. That was helpful! I think I was confused about the difference between private keys and certificates.

I don't think that the VPN server I am trying to reach uses certificates then. It just has a port number. On my Windows account, I was able to access this VPN server just knowing the IP address and port number (using FortiClient). A public/private key pair was then used to ssh into a particular host on that network (my own external workstation).

How would I use openconnect to access the VPN without needing a certificate (so that I can next ssh into my host computer using my private key)?

Thank you.

On Fri, May 10, 2019 at 18:24, David Woodhouse (dwmw2@xxxxxxxxxxxxx) wrote:
>
> On Fri, 2019-05-10 at 12:24 +0900, Ramses Ramirez wrote:
> > Hello everyone,
> >
> > I have installed openconnect v7.08 on my CentOS 7.6 PC through the
> > epel repository. However, I run into problems with the server not
> > being able to load my certificate in the given location (see below).
> >
> > I did a "yum list | grep [package]" and find that I have the required
> > packages for installation (libxml2, zlib, openssl, and pkg-config).
> >
> > However, it looks like it is not finding my .pem certificate file. Is
> > it a permissions issue or something else? I believe I am using GnuTLS
> > instead of openssl (and I don't have a libp11 library from what I can
> > tell anyway)
> > Thank you for your help in advance.
> >
> > $ openconnect -c /etc/ssh/rsa_private_key.pem xxx.xxx.xxx.x:10443
> > POST https://xxx.xxx.xxx.x:10443/
> > Connected to xxx.xxx.xxx.x:10443
> > Loading certificate failed: No certificate found in file
> > Loading certificate failed. Aborting.
> > Failed to open HTTPS connection to xxx.xxx.xxx.x
> > Failed to obtain WebVPN cookie
> > $
>
>
> It isn't finding your certificate because you haven't given it one.
> What you've given it is a private key.
>
> The private key is what actually does the cryptographic operation — it
> can sign something, and we know that signature can *only* have been
> produced by whoever/whatever has access to the private key.
>
> A certificate is something different. The certificate is a promise,
> signed by some other third party (a certificate authority or other
> "issuer"), about the identity of whoever/whatever owns the corresponding
> private key.
>
> Typically, SSH doesn't use certificates for its host keys. It remembers
> the actual *key* of the hosts you connect to, or finds them in DNS or
> something. I'd be surprised if you had a certificate which was issued
> to your SSH private host key.
>
> Of course it's *possible*, and maybe your organisation's VPN
> certificate provisioning process does use the SSH host key for its
> private key. But in that case you should have the certificate
> somewhere.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
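
The private key versus certificate distinction explained in the quoted reply can be checked by reading the block labels of a PEM file. This is an added example, not part of the original thread or of openconnect; `classify_pem`, `diagnose` and `sample_pem` are hypothetical names, and the sample input is constructed from placeholder bytes, not real key material.

```python
import base64
import re

# RFC 7468 textual encoding: "-----BEGIN <label>-----" ... "-----END <label>-----"
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE"}


def classify_pem(text):
    """Return [(label, kind)] per PEM block; kind is 'certificate', 'private key' or 'other'."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys put "Proc-Type"/"DEK-Info" headers before a blank line.
        payload = re.split(r"\r?\n\r?\n", body, maxsplit=1)[-1]
        try:
            base64.b64decode("".join(payload.split()), validate=True)
        except ValueError:
            kind = "other"  # label present, but the body is not valid base64
        else:
            if label in CERT_LABELS:
                kind = "certificate"
            elif label.endswith("PRIVATE KEY"):
                kind = "private key"  # RSA/EC/PKCS#8/OPENSSH/ENCRYPTED variants
            else:
                kind = "other"
        blocks.append((label, kind))
    return blocks


def diagnose(text):
    """Summarise whether the text holds a certificate, only a key, both, or neither."""
    kinds = {kind for _, kind in classify_pem(text)}
    if {"certificate", "private key"} <= kinds:
        return "certificate and private key"
    if "certificate" in kinds:
        return "certificate only"
    if "private key" in kinds:
        return "private key only"
    return "no certificate or private key"


def sample_pem(label):
    """Build a constructed PEM block (placeholder bytes, not real key material)."""
    body = base64.b64encode(b"constructed sample bytes, not real key material").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
```

A file that `diagnose` reports as "private key only" is the situation in the quoted terminal session, where `-c` was pointed at a key file and the load failed with "No certificate found in file".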