On Wed, Jan 30, 2019, at 6:23 AM, Paul Wouters wrote:
> On Tue, 29 Jan 2019, Alex wrote:
>
> > - How do you delete a key? Using -F doesn't work.
> > ipsec -F -d sql:/etc/ipsec.d -n <ckaid>
> >
> > # certutil -K -d sql:/etc/ipsec.d
> > certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> > < 0> rsa a97801beda74b01e2fe3647a87dc9f0e7ad75268 (orphan)
> > # certutil -F -d sql:/etc/ipsec.d -n a97801beda74b01e2fe3647a87dc9f0e7ad75268
> > # certutil -K -d sql:/etc/ipsec.d
> > certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
> > < 0> rsa a97801beda74b01e2fe3647a87dc9f0e7ad75268 (orphan)
>
> I don't think it is possible using certutil. I tend to just nuke the nss
> db.
>
> Paul

From certutil -H

-F              Delete a key and associated certificate from the database
   -n cert-name      The nickname of the key to delete
   -k key-id         The key id of the key to delete, obtained using -K
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix

So what you want is:

certutil -F -d sql:/etc/ipsec.d -k a97801beda74b01e2fe3647a87dc9f0e7ad75268

"-k" not "-n" to specify key id

-- 
K
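
The cleanup discussed in this thread, as an added example that is not part of the original messages: it reads `certutil -K` output, picks out the entries marked `(orphan)`, and prints (without running) the `certutil -F ... -k <key-id>` command for each. The function names, the sample listing and its second entry (key id and nickname) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find orphan private keys in `certutil -K` output and
# build the matching `certutil -F -d <db> -k <key-id>` commands.

# Print the key id of every entry that certutil -K marks "(orphan)".
# Reads certutil -K output on stdin; entry lines look like:
#   < 0> rsa      <40 hex digits>   (orphan)
orphan_key_ids() {
    awk '
        /^<[ 0-9]+>/ && /\(orphan\)[ \t]*$/ {
            # Drop the "< N>" index so the fields are: key type, key id.
            sub(/^<[ 0-9]+>[ \t]*/, "")
            # Only accept a purely hexadecimal key id.
            if ($2 ~ /^[0-9a-fA-F]+$/) print $2
        }'
}

# Print (do not execute) one delete command per orphan key.
# $1 is the NSS database, e.g. sql:/etc/ipsec.d
orphan_delete_commands() {
    db=$1
    orphan_key_ids | while read -r id; do
        # -k selects by key id; -n expects a nickname, which orphans lack.
        printf 'certutil -F -d %s -k %s\n' "$db" "$id"
    done
}

# Constructed sample listing: the orphan key from the thread plus a
# made-up key that still has a certificate (and so must be left alone).
sample_certutil_K() {
    cat <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      a97801beda74b01e2fe3647a87dc9f0e7ad75268   (orphan)
< 1> rsa      0123456789abcdef0123456789abcdef01234567   NSS Certificate DB:vpn.example.com
EOF
}

# Offline demo against the sample listing.
sample_certutil_K | orphan_delete_commands sql:/etc/ipsec.d
```

Against a live database, pipe `certutil -K -d sql:/etc/ipsec.d` into `orphan_delete_commands sql:/etc/ipsec.d` and review the printed commands before running any of them.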
