[Swan] host-to-host config fails with Can't find the certificate or private key
Alex
mysqlstudent at gmail.com
Tue Oct 9 00:48:56 UTC 2018
Hi,
> > At least the second one was created on this host but has now
> > disappeared. How do I delete those broken keys without having to
> > remove the whole database? What could cause this to happen?
>
> certutil -F -d sql:/etc/ipsec.d -n 34127e44f0718fc6d6ad34c089db926e1bb4d7df
>
> use the ckaid shown for the key you want to delete.

This doesn't work to delete keys.

# certutil -d sql:/etc/ipsec.d -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User
Private Key and Certificate Services"
< 0> rsa 5ce9dc013e5db261d0b209bfd44310838e532bbd (orphan)
< 1> rsa 011362e5b659d0be2eb44404ad19e9a5597d2fe3 (orphan)
< 2> rsa 10a77db2b8a96157b434c9576c12652030176392 (orphan)
< 3> rsa 1b45327e14355ab3680f2c274ef49c8e139640e9 (orphan)
< 4> rsa b7c6792120dd97b1ec613872299c5935c8af8b6f (orphan)
< 5> rsa 782dc89a5b8c269edff2f700d602a9f6844c0304 (orphan)
< 6> rsa ed8a3838f2be4c86687f019f59fd190f7b9fbef7 (orphan)
< 7> rsa 109bcf50bd09f4d5793fc5a2ce7c8f4942f65237 (orphan)
< 8> rsa 5abc65ac52d8c5754b94e35fa203b30c48ec8db1 (orphan)
< 9> rsa 90f00e56271865f03c181d7acf4cf3218d09b5e5 (orphan)
# certutil -d sql:/etc/ipsec.d -F -n 90f00e56271865f03c181d7acf4cf3218d09b5e5

Running "certutil -d sql:/etc/ipsec.d -K" again shows the same set of keys.

I don't understand why I was able to create a tunnel between hostA
(arcade) and hostB (mail03) but not hostA (arcade) and hostC (orion)
using the exact same method.