[Swan] Key pair generation failed: "-8037"
Greg Scott
GregScott at infrasupport.com
Fri Jun 28 12:57:20 EEST 2013
So on the assumption my thinking is messed up about preshared keys and RSA keys are something different, I try to generate a new RSA key and get an error that says, key pair generation failed: "-8037". Here is some output, showing the contents of /etc/ipsec.d before and after, and the empty hostkey.secrets file it generates.
[root at NSSSS2013-fw ipsec.d]# ls
cacerts crls hq-ipsec.conf policies sites.conf
[root at NSSSS2013-fw ipsec.d]# ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --verbose --hostname NSSSS2013-fw
getting 60 random bytes from /dev/random...
ipsec rsasigkey: key pair generation failed: "-8037"
[root at NSSSS2013-fw ipsec.d]#
[root at NSSSS2013-fw ipsec.d]# ls
cacerts cert8.db crls hostkey.secrets hq-ipsec.conf key3.db policies secmod.db sites.conf
[root at NSSSS2013-fw ipsec.d]#
[root at NSSSS2013-fw ipsec.d]# more hostkey.secrets
: RSA {
}
# do not change the indenting of that "}"
[root at NSSSS2013-fw ipsec.d]#
In the old openswan days, you needed to make the system busy for /dev/random to work. I've always just started a few windows and done ls / -R in each window. Are the rules different now?
Thanks
- Greg
More information about the Swan
mailing list