On Fri, 19 Aug 2016, Sowmini Varadhan wrote:
> Now, when I run
>   # openssl pkcs12 -in java/boo.pkcs12 -nodes -passin pass:$passwd

You need:

    openssl pkcs12 -export -out cert.p123 -inkey privateKey.key -in certificate.crt -certfile CACert.crt

You seem to be using a pkcs12 file as import, and only removing the password from it. So it all depends if your java/boo.pkcs12 contains the right items. I assume not.

> I see that the output has both a PRIVATE KEY and a CERTIFICATE section.
> I'm able to do "ipsec import boo.pkcs12", and follow the rest of the
> commands from my email (including populating ipsec.secrets) but the
> tunnel is still not activated. Should I be copying the *.cert somewhere
> (where?). How (what command) did you determine that the NSS db doesn't
> show a CA?

    certutil -L -d sql:/etc/ipsec.d

(or on older versions: certutil -L -d /etc/ipsec.d)

It should show 1x cert plus 1x CA cert. The CA cert you can see has the "CT,," trust bits set.

Paul
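
The check described in the reply above, written out as a small script. This is an added example, not part of the original thread or of libreswan; the function name, the sample nicknames and the sample listings are constructed, and it relies on certutil marking a certificate that has its private key with the "u" trust flag.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `certutil -L` output on stdin and
# checks for what the reply describes: one certificate plus one CA certificate
# whose SSL trust field carries C and T ("CT,,").
check_nss_listing() {
    awk '
        # Data rows end in a three-part trust field such as "u,u,u" or "CT,,";
        # the two header lines and blank lines do not match and are skipped.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            trust = $NF
            split(trust, part, ",")
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
            if (part[1] ~ /C/ && part[1] ~ /T/) { ca++;   printf "CA    %s (%s)\n", nick, trust }
            else if (trust ~ /u/)               { user++; printf "cert  %s (%s)\n", nick, trust }
            else                                {         printf "other %s (%s)\n", nick, trust }
        }
        END {
            if (ca < 1)   print "missing: CA certificate with CT,, trust"
            if (user < 1) print "missing: certificate with private key (u flag)"
            exit !(ca >= 1 && user >= 1)
        }
    '
}

# Constructed listings (nicknames are made up).
sample_with_ca() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

boo                                                          u,u,u
Example Test CA                                              CT,,
EOF
}

sample_without_ca() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

boo                                                          u,u,u
EOF
}

sample_with_ca | check_nss_listing
sample_without_ca | check_nss_listing || echo "import did not bring in a trusted CA"
```

Against a real database, pipe the listing in: certutil -L -d sql:/etc/ipsec.d | check_nss_listing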
