[Swan] Adding host to subnet VPN

Paul Wouters paul at nohats.ca
Mon Feb 22 02:05:00 UTC 2016


On Sun, 21 Feb 2016, Alex wrote:

> Can I just leave out the subnet declarations where they're not
> necessary?

Yes.

> Also, when I try to use my existing CA to create another cert for the
> new host, it's unable to find it:
>
> # certutil -L -d /etc/ipsec.d
>
> Certificate Nickname                                         Trust Attributes
>                                                             SSL,S/MIME,JAR/XPI
>
> cyclops                                                      u,u,u
> DGHQ Authority - MyCompany Inc                        ,,
> orion                                                        u,u,u
>
> # certutil -S -k rsa -c "DGHQ Authority - MyCompany Inc" -n "arcade"
> -s "CN=MyCompany Inc" -v 12 -t "u,u,u" -d /etc/ipsec.d
> ...
> certutil: unable to retrieve key DGHQ Authority - MyCompany Inc:
> SEC_ERROR_NO_KEY: The private key for this certificate cannot be found
> in key database
> certutil: unable to create cert (The private key for this certificate
> cannot be found in key database)
>
> Did I somehow screw up the process of creating the CA in the first place?

Possibly. The easiest is to create a PKCS#12 file and run "ipsec import file.p12"

Paul
> Thanks,
> Alex
>
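An added example, not part of the original thread: in the quoted listing, the CA nickname is the only entry without a `u` trust flag, which certutil prints only for certificates whose private key is in that database. The sketch below picks such nicknames out of `certutil -L` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag NSS nicknames that cannot be used as a signing CA
# (certutil -S -c ...) because the database holds no private key for them.
# Real use: certutil -L -d /etc/ipsec.d | nicknames_without_key

nicknames_without_key() {
    awk '
        # Data rows end in a trust column of three comma-separated flag
        # groups, e.g. "u,u,u", "CT,," or ",,"; header rows do not match.
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            trust = $NF
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # strip the trust column
            sub(/^[ \t]+/, "", nick)               # strip leading padding
            if (index(trust, "u") == 0) print nick
        }'
}

# Constructed sample input, modelled on the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cyclops                                                      u,u,u
DGHQ Authority - MyCompany Inc                               ,,
orion                                                        u,u,u
EOF
}

sample_listing | nicknames_without_key
```

`certutil -K -d /etc/ipsec.d` lists the private keys the database does hold, which confirms the result from the other side.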

