[Swan] Trying and failing with NSS

Bob Miller bob at computerisms.ca
Tue Dec 22 17:21:14 UTC 2015


>> Note I updated that page recently to add the sql: prefix to all nss
>> commands using -d.
> Hmm. It is not what I'm seeing. No references to sql: on the page
> (https://libreswan.org/wiki/Using_NSS_with_libreswan)

The page in question is here:

https://libreswan.org/wiki/3.14_X509

>>
>>> generated on the server for the server and for OpenVPN. I deleted the
>>> old *.db and pkcs11.txt files in /etc/ipsec.d then did the following:
>>>       [root at server ipsec.d]# ipsec initnss
>>>       Initializing NSS database
>>>
>>>       [root at server ipsec.d]# certutil -L -d /etc/ipsec.d
>>>       certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
>>
>> So that should be: certutil -L -d sql:/etc/ipsec.d
> That works, thanks.
>>
>>>       [root at server ipsec.d]# ipsec import /etc/pki/CA/server.p12
>>>       Enter password for PKCS12 file:
>>>       pk12util: no nickname for cert in PKCS12 file.
>>>       pk12util: using nickname: server.howitts.lan - ClearOS
>>>       pk12util: PKCS12 IMPORT SUCCESSFUL
>>>       correcting trust bits for ca.server.howitts.lan - ClearOS
>>>       [root at server ipsec.d]# certutil -L -d /etc/ipsec.d
>>>       certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
>>
>> Same here.
>>
>> Paul
> Nick
>
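
An added example, not part of the thread or of libreswan: a shell helper that picks the `-d` argument for `certutil` from the files actually present in the NSS directory, so a SQL-format store like the one in the thread is opened with `sql:`. It assumes NSS's standard file names (`cert9.db`/`key4.db` for SQL, `cert8.db`/`key3.db` for legacy DBM); `nss_db_arg` is a hypothetical name.

```shell
#!/bin/sh
# Added example: choose the NSS database prefix from the files on disk.
# Assumption: standard NSS file names (SQL: cert9.db + key4.db,
# legacy DBM: cert8.db + key3.db). nss_db_arg is a hypothetical helper.

nss_db_arg() {
    dir=${1:-/etc/ipsec.d}
    if [ ! -d "$dir" ]; then
        echo "nss_db_arg: $dir is not a directory" >&2
        return 2
    fi
    has_sql=no
    has_dbm=no
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=yes
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=yes
    case "$has_sql/$has_dbm" in
        yes/yes)
            # Both formats present; prefer SQL, the format the sql: fix
            # in the thread targets, and warn about the leftover files.
            echo "nss_db_arg: both formats in $dir, using sql:" >&2
            printf 'sql:%s\n' "$dir" ;;
        yes/no)
            printf 'sql:%s\n' "$dir" ;;
        no/yes)
            printf 'dbm:%s\n' "$dir" ;;
        *)
            echo "nss_db_arg: no NSS database found in $dir" >&2
            return 1 ;;
    esac
}

# Usage when certutil is installed:
#   certutil -L -d "$(nss_db_arg /etc/ipsec.d)"
```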

