[Swan] Certificate import error via ipsec import

Matt Rogers mrogers at redhat.com
Tue May 2 13:54:22 UTC 2017


On Sun, Apr 30, 2017 at 11:19 PM, Paul Wouters <paul at nohats.ca> wrote:
> On Sat, 29 Apr 2017, Muenz, Michael wrote:
>
>> but on the last command ipsec "import debian.p12" I get a:
>>
>> Enter password for PKCS12 file:
>> pk12util: PKCS12 IMPORT SUCCESSFUL
>> certutil: Could not find cert: NOC CA
>> : PR_FILE_NOT_FOUND_ERROR: File not found
>>
>> The CA is there:
>> root at debian:~# certutil -L -d test/
>>
>> Certificate Nickname                                         Trust Attributes
>>                                                              SSL,S/MIME,JAR/XPI
>>
>> mobile                                                       u,u,u
>> NOC CA                                                       CTu,u,u
>> debian                                                       u,u,u
>
>
> CTu,u,u looks weird. This is normally just CT,,
>
That will show up on the DB that the CA was created with (in test/),
as the CA's private key is there. But the PR_FILE_NOT_FOUND_ERROR
makes it seem like the CA cert could just not be imported from the
p12. A corrupt p12 file maybe?

> Note "ipsec import" works against /etc/ipsec.d by default. Same for
> "ipsec initnss", so I'm not sure how that relates to your "test/"
> directory.
>
>> And also when I extract the .p12 with openssl the CA certificate is
>> included.
>> What exactly does this error mean? Will I have to execute the command in a
>> different folder?
>
>
> The PKCS#12 file should contain the CA cert, the EE cert and the private
> key.
>
> Paul
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
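
The bundle layout Paul describes (CA cert, EE cert and private key in one PKCS#12 file) can be checked before import. The script below is an added example, not part of the thread: the function names, the constructed sample bundles and the password `test` are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): inventory a PKCS#12 bundle before import.
# Print "certs=N ca=N keys=N" for FILE opened with PASSWORD; non-zero if unreadable.
p12_inventory() {
    local file=$1 pass=$2 tmp pem c certs=0 ca=0 keys
    # The decrypted dump stays in a shell variable; only certificates touch disk.
    pem=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nodes 2>/dev/null) || return 1
    tmp=$(mktemp -d)
    printf '%s\n' "$pem" | awk -v d="$tmp" \
        '/BEGIN CERTIFICATE/{n++; f=1} f{print > (d "/c" n ".pem")} /END CERTIFICATE/{f=0}'
    for c in "$tmp"/c*.pem; do
        [ -e "$c" ] || continue
        certs=$((certs + 1))
        # A CA certificate carries basicConstraints CA:TRUE.
        if openssl x509 -in "$c" -noout -text | grep -q 'CA:TRUE'; then ca=$((ca + 1)); fi
    done
    keys=$(printf '%s\n' "$pem" | grep -c 'BEGIN.*PRIVATE KEY' || true)
    rm -rf "$tmp"
    echo "certs=$certs ca=$ca keys=$keys"
}

# Build constructed test bundles in DIR: full.p12 (CA + EE + key) and noca.p12.
make_constructed_samples() {
    local d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -config "$d/req.cnf" -subj "/CN=debian" -newkey rsa:2048 -nodes \
        -keyout "$d/ee.key" -out "$d/ee.csr" 2>/dev/null
    openssl x509 -req -in "$d/ee.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/ee.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/ee.key" -in "$d/ee.crt" -certfile "$d/ca.crt" \
        -name debian -passout pass:test -out "$d/full.p12"
    openssl pkcs12 -export -inkey "$d/ee.key" -in "$d/ee.crt" \
        -name debian -passout pass:test -out "$d/noca.p12"
}

demo=$(mktemp -d) && make_constructed_samples "$demo"
p12_inventory "$demo/full.p12" test
p12_inventory "$demo/noca.p12" test
```

A bundle that reports `ca=0` has no CA certificate for the import step to find, whatever the source database shows.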

