[Swan] Struggling with certificates

Paul Wouters paul at nohats.ca
Wed Jan 28 00:24:42 EET 2015

On Tue, 27 Jan 2015, Nick Howitt wrote:

> I'm trying to see if I can set up a VPN with Windows Phone 8.1 and I've fallen over before even getting as far as
> the phone. I cannot get Libreswan to read the certificate I created. I've used the instructions at

You need to be VERY precise with your Extended Key Usage (EKU)
attributes. And then still as far as I know, there is only rumors of
this working with EAP, not with just a machine certificate.

Note that you MUST have a SIM card in the phone or else all certificates
silently fail to import. Also when removing the SIM, the imported
certificates will NOT be available. That's a few days of Antony's and
my life we're not getting back :P

Tuomo recently mumbled there is a software update coming for these
phones that might address this issue.


More information about the Swan mailing list