On Mon, 9 Jul 2018 09:12:46 +0000 "Veetil, Vyshnav" <[email protected]> wrote:
> Hi,
> In Centos 7.4, Pluto crashes in FIPS mode :
> Because it expects the password in below format
> "NSS FIPS 140-2 Certificate DB:nsspassword"
> But it is currently the nsspassword is " NSS Certificate
> DB:nsspassword" in the nsspassword files:
> 1./etc/ipsec.d/nsspassword
> 2:we use our custom nss db location ,in that file also its same.
> when we change this nsspassword file to "NSS FIPS 140-2 Certificate
> DB:nsspassword" pluto comes up fine. But still the NSS authentication
> is failing with the below error in logs: Jun 27 12:36:11:
> authentication of "NSS FIPS 140-2 Certificate DB" failed Jun 27
> 12:36:11: FATAL: NSS initialization failure

This is not at all a crash. Pluto just exits because it can't open the NSS
database because of partial configuration.

In fips mode "NSS Certificate DB" is not used. Instead "NSS FIPS 140-2
Certificate DB" is used - you need to have the correct password set in the
nsspassword file.

You can for example have:

--- 8< ---
NSS Certificate DB:mypassphrase
NSS FIPS 140-2 Certificate DB: mypassphrase
--- >8 ---

The first one is used in non-fips mode, the latter line is used in fips mode.

ps. Please, don't cross post to both swan and swan-dev mailing lists. For
configuration issues, use [email protected].

-- 
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
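
The token-name mismatch discussed in this thread can be caught before pluto starts. The following check is an added example, not part of the e-mail or of libreswan; the function names are hypothetical, and it assumes only the one-entry-per-line `token:password` layout shown in the reply, with the mode passed in by the caller.

```python
# Added example: check an nsspassword file for the token entry pluto needs.
NON_FIPS_TOKEN = "NSS Certificate DB"
FIPS_TOKEN = "NSS FIPS 140-2 Certificate DB"


def parse_nsspassword(text):
    """Return {token_name: has_nonempty_password}; passwords are never kept."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Neither token name contains a colon, but a password may: split once.
        token, sep, password = line.partition(":")
        if not sep:
            continue  # not a token:password line
        entries[token.strip()] = bool(password.strip())
    return entries


def check_nsspassword(text, fips_mode):
    """Return a list of problems for the given mode (empty list means OK)."""
    entries = parse_nsspassword(text)
    wanted = FIPS_TOKEN if fips_mode else NON_FIPS_TOKEN
    other = NON_FIPS_TOKEN if fips_mode else FIPS_TOKEN
    problems = []
    if wanted not in entries:
        msg = f'no entry for "{wanted}"'
        if other in entries:
            msg += f' (only "{other}" is present, which this mode does not use)'
        problems.append(msg)
    elif not entries[wanted]:
        problems.append(f'entry for "{wanted}" has an empty password')
    return problems


# Constructed sample files (placeholder passphrase, not real data).
ONLY_NON_FIPS = "NSS Certificate DB:mypassphrase\n"
BOTH = ("NSS Certificate DB:mypassphrase\n"
        "NSS FIPS 140-2 Certificate DB:mypassphrase\n")

if __name__ == "__main__":
    for name, sample in (("only non-FIPS line", ONLY_NON_FIPS), ("both lines", BOTH)):
        for fips in (False, True):
            print(name, "| fips" if fips else "| non-fips", "->",
                  check_nsspassword(sample, fips) or "OK")
```

The check reports token names only and never stores or prints the passphrase, so its output is safe to keep in deployment logs.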
