On (08/18/16 15:07), Paul Wouters wrote:
>
> Your pkcs12 file must include the CA certificate. Your NSS db doesn't
> show any CA. I assume your Java export was incomplete

After you pointed this out, I tried the following set of commands

  # keytool -genkeypair [...] -keystore java/boo.pkcs12
  # keytool -exportcert [...] -keystore java/boo.pkcs12 -file java/boo.cert

Now, when I run

  # openssl pkcs12 -in java/boo.pkcs12 -nodes -passin pass:$passwd

I see that the output has both a PRIVATE KEY and a CERTIFICATE section.

I'm able to do "ipsec import boo.pkcs12", and follow the rest of the
commands from my email (including populating ipsec.secrets) but the
tunnel is still not activated.

Should I be copying the *.cert somewhere (where?).

How (what command) did you determine that the NSS db doesn't show a CA?

--Sowmini
