[Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames

Paul Wouters paul at nohats.ca
Tue Sep 8 12:33:40 UTC 2015


On Tue, 8 Sep 2015, Tony Whyman wrote:

> Subject: [Swan] Does libreswan 1.15 have a problem with spaces in CA common
>     names/nicknames

> certutil -L -d sql:/etc/ipsec.d
>
> Certificate Nickname                                         Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> rebecca.mwassocs.co.uk                                       u,u,u
> MWA Root CA                                                  ,,

You are missing the trust bits on your CA certificate. Upgrading should
have caused you to run ipsec --checknss which should have added the
trust bits for you. I wonder what that did not happen.

try:

certutil -M -d sql:/etc/ipsec.d -n "MWA Root CA" -t 'CT,,'

Paul


More information about the Swan mailing list