[Swan] private key for cert Thor not found in local cache; loading from NSS DB

Paul Wouters paul at nohats.ca
Sun Oct 7 21:50:52 UTC 2018


On Sun, 7 Oct 2018, rayv33n wrote:

> Followed all your suggestions and the connection information shows that the oppo sees the IP addresses across
> the connection down to the %fromcert. What's different this time is the +MS+S=C, which I have no idea what that is.
> I blew away the /etc/ipsec.d/*.db and went back to the instructions on how to create it.

That string is a clumsy way to show the identifications used; ignore it.

> Oct  7 18:54:28.198237: | private key for cert Thor not found in local cache; loading from NSS DB

I am still very confused about this. It is abnormal and other people
don't run into this issue at all. So I am really trying to see what
is different in your setup. Can you configure a static ip to ip
connection with the same certificates? Does that work?

Maybe try adding leftsendca=all? Although the intermediary should
not be needed since it appears in your NSS and is marked as trusted
already. Perhaps you are missing some expected flags in the EKU or KU
for NSS?

> The regular config I have works if there is no NAT involved.

So whether or not there is NAT should not affect the authentication at
all?

Paul
