I
get this event from my w2k ipsec client during IKE negotiation. My root certificate was generated by
openssl on Linux and installed in the w2k trusted authority store. The client certificate request was
generated on the client (XEnroll.createPKCS10), signed by the CA on the Linux
server and installed in the LOCAL_MACHINE/personal store on the client
(XEnroll.acceptPKCS7). During
the IKE negotiations, the w2k client gives event #547 (IKE failed to find valid
machine certificate). I
tried switching to using a w2k-generated CA and client cert, and ipsec was able
to find the cert okay. Any
clues as to what is wrong or how to get more information? Are
there any requirements about the DN of the client cert? Thanks. |