[Swan] Struggling with certificates

Matt Rogers mrogers at redhat.com
Tue Jan 27 23:25:33 EET 2015

On 01/27, Nick Howitt wrote:
>     <blockquote><tt>002 forgetting secrets</tt><br>
>       <tt>002 loading secrets from "/etc/ipsec.secrets"</tt><br>
>       <tt>002 loading secrets from "/etc/ipsec.d/ipsec.secrets"</tt><br>
>       <tt>002     could not open host cert with nick name 'alex' in NSS
>         DB</tt><br>
>       <tt>003 "/etc/ipsec.d/ipsec.secrets" line 1: NSS certficate not
>         found</tt><br>
>       <tt>002 loading secrets from
>         "/etc/ipsec.d/ipsec.unmanaged.MumIn.secrets"</tt><br>
>       <tt>002 loading secrets from
>         "/etc/ipsec.d/ipsec.unmanaged.PaulIn.secrets"</tt><br>
>     </blockquote>
>     Similarly loading the conn gives:<br>
>     <blockquote><tt>ipsec auto --add roadwarriors</tt><br>
>       <tt>000 leftcert with the nickname "alex" does not exist in NSS db</tt><br>
>     </blockquote>
>     Any idea where I've gone wrong?<br>

Did you do the db and cert creation while pluto was running? If so you'll have
to restart pluto. But other than having a locked db with no nsspassword file, it
should not have any trouble finding a certificate by the correct nickname.


More information about the Swan mailing list