Hi,
I've just upgraded to 3.16 and I thought I'd have a go at IKEv2 on a road warrior but I'm stuck with the NSS/certificates bit. I'm trying to use information gleaned from the Wiki, and use certificates already generated on the server for the server and for OpenVPN. I deleted the old *.db and pkcs11.txt files in /etc/ipsec.d then did the following:
[root@server ipsec.d]# ipsec initnss
Initializing NSS database

[root@server ipsec.d]# certutil -L -d /etc/ipsec.d
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
[root@server ipsec.d]# ipsec import /etc/pki/CA/server.p12
Enter password for PKCS12 file:
pk12util: no nickname for cert in PKCS12 file.
pk12util: using nickname: server.howitts.lan - ClearOS
pk12util: PKCS12 IMPORT SUCCESSFUL
correcting trust bits for ca.server.howitts.lan - ClearOS
[root@server ipsec.d]# certutil -L -d /etc/ipsec.d
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
I think the database is being successfully created. I get cert9.db, key4.db and pkcs11.txt files. The import of the CA cert seems to be OK but I can't get anything out of it so I can't check. Importing another certificate does not help.

Have I done something wrong?

Regards,

Nick
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
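
Added example, not part of the original post and not libreswan's own code: a shell check that picks the certutil -d argument from the files actually present in the directory. It assumes an NSS build whose unprefixed -d default is the older DBM format, in which case a cert9.db/key4.db (SQLite) database has to be addressed with the "sql:" prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. cert9.db + key4.db = NSS SQLite format ("sql:" prefix).
# cert8.db + key3.db = legacy Berkeley DB format ("dbm:" prefix).
# Assumption: the local certutil treats an unprefixed directory as DBM.

# Print the -d argument matching the database files found in $1.
nss_db_arg() {
    dir=$1
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        printf 'sql:%s\n' "$dir"
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        printf 'dbm:%s\n' "$dir"
    else
        echo "no complete NSS database found in $dir" >&2
        return 1
    fi
}

# List certificates and trust flags using the detected prefix.
list_nss_certs() {
    arg=$(nss_db_arg "$1") || return 1
    certutil -L -d "$arg"
}

# Offline demonstration on a constructed directory (empty placeholder files,
# not a real database): shows which argument would be passed to certutil.
demo_dir=$(mktemp -d)
touch "$demo_dir/cert9.db" "$demo_dir/key4.db" "$demo_dir/pkcs11.txt"
echo "certutil -L -d $(nss_db_arg "$demo_dir")"
rm -rf "$demo_dir"
```

On the server itself the call would be list_nss_certs /etc/ipsec.d, which lets the imported certificate nicknames and the CA trust bits be inspected.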
