[Swan] [libreswan] "/etc/ipsec.d/{ca|aa}certs: No such file or directory" after "ipsec setup start" (#2)
Tuomo Soini
tis at foobar.fi
Sun Mar 3 20:29:17 EET 2013
On Wed, 27 Feb 2013 12:51:54 -0500 (EST)
Paul Wouters <pwouters at redhat.com> wrote:
> On Wed, 27 Feb 2013, T.J. Yang wrote:
>
> > Anyway to silence the following errors ? For a basic PSK setup with
> > certificate creation, following error messages in pluto log file.
> >
> > Could not change to directory '/etc/ipsec.d/cacerts': No such file
> > or directory Could not change to directory '/etc/ipsec.d/aacerts':
> > No such file or directory Could not change to directory
> > '/etc/ipsec.d/crls': 2 No such file or directory
> I think we do need the crls one because we _do_ real CRLs from there.
> I don't think we read AAcerts at all. I am not sure if we still take
> CAcerts outside of the NSS db?
Directory crls is used and needed.
So is cacerts - that's where from we load 3rd party cacerts for
veryfying remote certificates. That all works. Our own cacert is in
nss db when imported from pkcs12 bundle.
I don't know any use for aacerts currently.
Make install does generates all these directories.
I'd like to know how was libreswan installed because make programs
install does generate these dirs.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Swan
mailing list