[Swan] host-to-host config fails with Can't find the certificate or private key

Paul Wouters paul at nohats.ca
Mon Oct 8 21:37:54 UTC 2018


On Mon, 8 Oct 2018, Alex wrote:

> I'm still having difficulty and really don't know what to do. Somehow
> the private keys have disappeared:

Private keys cannot just "disappear". But if you do not load a
connection with leftcert=XXXX, then the cert or key won't show up
in the listall output.

> At least the second one was created on this host but has now
> disappeared. How do I delete those broken keys without having to
> remove the whole database? What could cause this to happen?

certutil -F -d sql:/etc/ipsec.d -n 34127e44f0718fc6d6ad34c089db926e1bb4d7df

Use the ckaid shown for the key you want to delete.

Paul

