[Swan] Certificate import error via ipsec import

Mon May 1 03:19:07 UTC 2017

On Sat, 29 Apr 2017, Muenz, Michael wrote:

> but on the last command ipsec "import debian.p12" I get a:
>
> Enter password for PKCS12 file:
> pk12util: PKCS12 IMPORT SUCCESSFUL
> certutil: Could not find cert: NOC CA
> : PR_FILE_NOT_FOUND_ERROR: File not found
>
> The CA is there:
> root at debian:~# certutil -L -d test/
>
> Certificate Nickname                                         Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> mobile                                                       u,u,u
> NOC CA                                                       CTu,u,u
> debian                                                       u,u,u

CTu,u,u looks weird. This is normally just CT,,

Note "ipsec import" works against /etc/ipsec.d per default. same for
"ipsec initnss", so I'm not sure how that relates to your "test/"
directory.

> And also when I extract the .p12 with openssl the CA certificate is included.
> What exactly does this error mean? Will I have to execute the command in a 
> different folder?

The PKCS#12 file should contain the CA cert, the EE cert and the private
key.

Paul