[Swan] Struggling with certificates
Matt Rogers
mrogers at redhat.com
Tue Jan 27 23:25:33 EET 2015
On 01/27, Nick Howitt wrote:
> <blockquote><tt>002 forgetting secrets</tt><br>
> <tt>002 loading secrets from "/etc/ipsec.secrets"</tt><br>
> <tt>002 loading secrets from "/etc/ipsec.d/ipsec.secrets"</tt><br>
> <tt>002 could not open host cert with nick name 'alex' in NSS
> DB</tt><br>
> <tt>003 "/etc/ipsec.d/ipsec.secrets" line 1: NSS certficate not
> found</tt><br>
> <tt>002 loading secrets from
> "/etc/ipsec.d/ipsec.unmanaged.MumIn.secrets"</tt><br>
> <tt>002 loading secrets from
> "/etc/ipsec.d/ipsec.unmanaged.PaulIn.secrets"</tt><br>
> </blockquote>
> Similarly loading the conn gives:<br>
> <blockquote><tt>ipsec auto --add roadwarriors</tt><br>
> <tt>000 leftcert with the nickname "alex" does not exist in NSS db</tt><br>
> </blockquote>
> Any idea where I've gone wrong?<br>
Did you do the db and cert creation while pluto was running? If so you'll have
to restart pluto. But other than having a locked db with no nsspassword file, it
should not have any trouble finding a certificate by the correct nickname.
Regards,
Matt
More information about the Swan
mailing list