Hi,

> > At least the second one was created on this host but has now
> > disappeared. How do I delete those broken keys without having to
> > remove the whole database? What could cause this to happen?
>
> certutil -F -d sql:/etc/ipsec.d -n 34127e44f0718fc6d6ad34c089db926e1bb4d7df
>
> use the ckaid shown for the key you want to delete.

This doesn't work to delete keys.

# certutil -d sql:/etc/ipsec.d -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa 5ce9dc013e5db261d0b209bfd44310838e532bbd (orphan)
< 1> rsa 011362e5b659d0be2eb44404ad19e9a5597d2fe3 (orphan)
< 2> rsa 10a77db2b8a96157b434c9576c12652030176392 (orphan)
< 3> rsa 1b45327e14355ab3680f2c274ef49c8e139640e9 (orphan)
< 4> rsa b7c6792120dd97b1ec613872299c5935c8af8b6f (orphan)
< 5> rsa 782dc89a5b8c269edff2f700d602a9f6844c0304 (orphan)
< 6> rsa ed8a3838f2be4c86687f019f59fd190f7b9fbef7 (orphan)
< 7> rsa 109bcf50bd09f4d5793fc5a2ce7c8f4942f65237 (orphan)
< 8> rsa 5abc65ac52d8c5754b94e35fa203b30c48ec8db1 (orphan)
< 9> rsa 90f00e56271865f03c181d7acf4cf3218d09b5e5 (orphan)
# certutil -d sql:/etc/ipsec.d -F -n 90f00e56271865f03c181d7acf4cf3218d09b5e5

Running "certutil -d sql:/etc/ipsec.d -K" again shows the same set of keys.

I don't understand why I was able to create a tunnel between hostA (arcade) and hostB (mail03) but not hostA (arcade) and hostC (orion) using the exact same method.

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
