On my Debian machines I put the NSS database at /etc/ipsec.d, but I have
to use the sql argument:
certutil -L -d sql:/etc/ipsec.d
On 2019-11-27 6:38 p.m., Paul Wouters wrote:
Debian’s nss db lives in /var/lib/ipsec/nss instead of /etc/ipsec.d
On Nov 27, 2019, at 22:39, MARSON Ismenia <[email protected]> wrote:
Hi all,
I'm using libreswan on Debian 10; I want to do IPsec with certificate
exchange.
I followed these instructions:
https://github.com/libreswan/libreswan/blob/master/docs/nss-howto.txt
But libreswan doesn't recognize my user certificate:
The error is:
root@XXX:/etc/ipsec.d# ipsec auto --add mytunnel
000 left certificate with nickname 'usercert1' was not found in NSS DB
But when I list my certificates with certutil I see this:
root@XXX:/etc/ipsec.d# certutil -L -d /etc/ipsec.d
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

ipsec-client.ads.local - LOCAL               u,u,u
cacert1                                      Cu,Cu,Cu
_usercert1 _                                 u,u,u
=> the certificate is in the NSS DB, so I don't understand what the
problem is.
My conf file is like:
root@XXX:/etc/ipsec.d# less my_host-to-host.conf
conn mytunnel
    left="IP_left"
    leftid="CN=usercert1"
    leftsourceip="IP_left"
    leftrsasigkey=%cert
    leftcert=usercert1
    leftnexthop="IP_right"
    right="IP_right"
    rightid="CN=usercert2"
    rightsourceip="IP_right"
    rightrsasigkey=%cert
    rightnexthop="IP_left"
    rekey=no
    esp="aes-sha1"
    ike="aes-sha1"
    auto=add
Can you help me please?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
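
The replies above point at two things to check: which directory holds the NSS database and whether it has to be opened with the sql: prefix. The following is an added example, not part of the original thread or of libreswan: a shell helper that looks at the NSS file names in a directory (cert9.db/key4.db for the SQLite format, cert8.db/key3.db for the legacy DBM format) and prints the matching certutil listing command. The function names are hypothetical; the two directories are the ones named in the thread.

```shell
#!/bin/sh
# Added example: report which NSS database format(s) a directory holds and
# the certutil -d argument that opens each one.
#   cert9.db + key4.db -> SQLite format, opened with the "sql:" prefix
#   cert8.db + key3.db -> legacy DBM format, opened with the "dbm:" prefix

nss_db_format() {   # prints: sql | dbm | both | none
    dir=$1
    has_sql=no; has_dbm=no
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=yes
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=yes
    case "$has_sql,$has_dbm" in
        yes,yes) echo both ;;
        yes,no)  echo sql ;;
        no,yes)  echo dbm ;;
        *)       echo none ;;
    esac
}

certutil_list_cmd() {   # prints one listing command per database found
    dir=$1
    case "$(nss_db_format "$dir")" in
        sql)  echo "certutil -L -d sql:$dir" ;;
        dbm)  echo "certutil -L -d dbm:$dir" ;;
        both) # two separate databases: a nickname can be in one and not the other
              echo "certutil -L -d sql:$dir"
              echo "certutil -L -d dbm:$dir" ;;
        none) return 1 ;;
    esac
}

report_nss_dirs() {
    for dir in "$@"; do
        echo "$dir: $(nss_db_format "$dir")"
        certutil_list_cmd "$dir" | sed 's/^/    /'
    done
}

# The two locations mentioned in this thread.
report_nss_dirs /etc/ipsec.d /var/lib/ipsec/nss
```

A directory reported as "both" holds two independent databases, so a nickname visible through one prefix may be absent from the other.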