[Swan-dev] Certificates & importing

Štěpán Brož stepan at izitra.cz
Mon Jul 20 12:40:41 UTC 2020


Hello!

so 18. 7. 2020 v 18:28 odesílatel Balaji Thoguluva <tbbalaji at gmail.com>
napsal:

>
> 1) Does Libreswan take certificates (end entity and CA) and private key in
> PEM formats?
>

You can import PEM formatted x509 certificates into the NSS database, yes.
However, a key pair either needs to be generated using "certutil", or
imported in the form of an PKCS #12 container using "ipsec import".
Alternatively, the "pk12util" utility can also be used for importing.


>
> 2) Also is there any way we can import the certificate in NSS without the
> user intervention of password prompt in a single command?
>
>
The "pk12util" does take both the NSS database (-k <slotpassfile> or -K
<slotpassword>) and PKCS #12 passwords (-w <p12passfile> or -W <p12pass>)
as command line arguments.

Regards,
Stepan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200720/bb1183a8/attachment.html>


More information about the Swan-dev mailing list