On 21/12/2015 22:30, Paul Wouters wrote:
> On Mon, 21 Dec 2015, Nick Howitt wrote:
>> I've just upgraded to 3.16 and I thought
>> I'd have a go at IKEv2 on a road warrior but I'm stuck with the
>> NSS/certificates bit. I'm trying to use information gleaned from
>> the Wiki, and use certificates already
>
> Note I updated that page recently to add the sql: prefix to all nss
> commands using -d.

Hmm. It is not what I'm seeing. No references to sql: on the page
(https://libreswan.org/wiki/Using_NSS_with_libreswan)

>> generated on the server for the server and
>> for OpenVPN. I deleted the old *.db and pkcs11.txt files in
>> /etc/ipsec.d then did the following:
>>
>> [root@server ipsec.d]# ipsec initnss
>> Initializing NSS database
>> [root@server ipsec.d]# certutil -L -d /etc/ipsec.d
>> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
>
> So that should be: certutil -L -d sql:/etc/ipsec.d

That works, thanks.

>> [root@server ipsec.d]# ipsec import /etc/pki/CA/server.p12
>> Enter password for PKCS12 file:
>> pk12util: no nickname for cert in PKCS12 file.
>> pk12util: using nickname: server.howitts.lan - ClearOS
>> pk12util: PKCS12 IMPORT SUCCESSFUL
>> correcting trust bits for ca.server.howitts.lan - ClearOS
>> [root@server ipsec.d]# certutil -L -d /etc/ipsec.d
>> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

Same here.

> Paul

Nick
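
An added example, not part of the thread: a small shell helper that works out which prefix to pass to `-d` by looking at the files present in the NSS directory, so `certutil` and `pk12util` do not fall back to a default format that does not match. It assumes the standard NSS file names (`cert9.db`/`key4.db` for the SQL format, `cert8.db`/`key3.db` for the legacy DBM format); the function name `nss_db_arg` is hypothetical.

```shell
#!/bin/sh
# nss_db_arg DIR
# Print the argument to give certutil/pk12util after -d for the NSS
# database stored in DIR, based on which database files exist there.
#   SQL (SQLite) format : cert9.db + key4.db (+ pkcs11.txt)
#   legacy DBM format   : cert8.db + key3.db (+ secmod.db)
# If both formats are present (a migrated directory), SQL is preferred.
nss_db_arg() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "nss_db_arg: not a directory: $dir" >&2
        return 2
    fi
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        printf 'sql:%s\n' "$dir"
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        printf 'dbm:%s\n' "$dir"
    else
        echo "nss_db_arg: no NSS database found in $dir" >&2
        return 1
    fi
}

# Typical use, with the directory from the thread:
#   certutil -L -d "$(nss_db_arg /etc/ipsec.d)"
```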