[Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames
Paul Wouters
paul at nohats.ca
Tue Sep 8 12:33:40 UTC 2015
On Tue, 8 Sep 2015, Tony Whyman wrote:
> Subject: [Swan] Does libreswan 1.15 have a problem with spaces in CA common
> names/nicknames
> certutil -L -d sql:/etc/ipsec.d
>
> Certificate Nickname Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> rebecca.mwassocs.co.uk u,u,u
> MWA Root CA ,,
You are missing the trust bits on your CA certificate. Upgrading should
have caused you to run ipsec --checknss which should have added the
trust bits for you. I wonder what that did not happen.
try:
certutil -M -d sql:/etc/ipsec.d -n "MWA Root CA" -t 'CT,,'
Paul
More information about the Swan
mailing list