[Swan] Importing keypairs from keytool
sowmini.varadhan at oracle.com
Fri Aug 19 14:52:00 UTC 2016
On (08/18/16 15:07), Paul Wouters wrote:
> Your pkcs12 file must include the CA certificate. Your NSS db doesn't
> show any CA. I assume your Java export was incomplete.
After you pointed this out, I tried the following set of commands:
# keytool -genkeypair [...] -keystore java/boo.pkcs12
# keytool -exportcert [...] -keystore java/boo.pkcs12 -file java/boo.cert
Now, when I run
# openssl pkcs12 -in java/boo.pkcs12 -nodes -passin pass:$passwd
I see that the output has both a PRIVATE KEY and a CERTIFICATE section.
I'm able to do "ipsec import boo.pkcs12", and follow the rest
of the commands from my email (including populating ipsec.secrets) but
the tunnel is still not activated.
Should I be copying the *.cert somewhere (where)? How (what command)
did you determine that the NSS db doesn't show a CA?