[Swan] net-to-net for road warriors
Kostya Vasilyev
kman at fastmail.com
Wed Jan 30 08:25:41 UTC 2019
On Wed, Jan 30, 2019, at 6:23 AM, Paul Wouters wrote:
> On Tue, 29 Jan 2019, Alex wrote:
>
>
> > - How do you delete a key? Using -F doesn't work.
> > ipsec -F -d sql:/etc/ipsec.d -n <ckaid>
> >
> > # certutil -K -d sql:/etc/ipsec.d
> > certutil: Checking token "NSS Certificate DB" in slot "NSS User
> > Private Key and Certificate Services"
> > < 0> rsa a97801beda74b01e2fe3647a87dc9f0e7ad75268 (orphan)
> > # certutil -F -d sql:/etc/ipsec.d -n a97801beda74b01e2fe3647a87dc9f0e7ad75268
> > # certutil -K -d sql:/etc/ipsec.d
> > certutil: Checking token "NSS Certificate DB" in slot "NSS User
> > Private Key and Certificate Services"
> > < 0> rsa a97801beda74b01e2fe3647a87dc9f0e7ad75268 (orphan)
>
> I don't think it is possible using certutil. I tend to just nuke the nss
> db.
>
> Paul
From certutil -H:
-F Delete a key and associated certificate from the database
-n cert-name The nickname of the key to delete
-k key-id The key id of the key to delete, obtained using -K
-d certdir Cert database directory (default is ~/.netscape)
-P dbprefix Cert & Key database prefix
So what you want is:
certutil -F -d sql:/etc/ipsec.d -k a97801beda74b01e2fe3647a87dc9f0e7ad75268
"-k" not "-n" to specify key id
-- K
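
An added example, not part of the original message: a dry-run helper that picks the "(orphan)" entries out of a `certutil -K` listing and prints the `certutil -F ... -k <key-id>` command for each one. The function names and the second sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example: find orphaned private keys in `certutil -K` output and print
# (not run) the delete command for each, using -k with the key id.

# Constructed sample in the listing format shown in the thread. The first key
# line is the one from the thread; the second key id and nickname are made up.
SAMPLE_LISTING='certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      a97801beda74b01e2fe3647a87dc9f0e7ad75268   (orphan)
< 1> rsa      0123456789abcdef0123456789abcdef01234567   NSS Certificate DB:constructed-nickname'

# Read a `certutil -K` listing on stdin, print the key id of every entry
# marked "(orphan)". Ids that are not plain hex are skipped so nothing
# unexpected ends up in a generated command line.
orphan_key_ids() {
    awk '/^<[ 0-9]+>/ && $NF == "(orphan)" {
        id = $(NF - 1)
        if (id ~ /^[0-9a-fA-F]+$/) print id
    }'
}

# Read a listing on stdin and print one delete command per orphaned key.
# $1 is the database location, e.g. sql:/etc/ipsec.d
orphan_delete_commands() {
    db=$1
    orphan_key_ids | while read -r id; do
        printf 'certutil -F -d %s -k %s\n' "$db" "$id"
    done
}

# Demo on the constructed sample. On a real host, feed it the live listing:
#   certutil -K -d sql:/etc/ipsec.d | orphan_delete_commands sql:/etc/ipsec.d
printf '%s\n' "$SAMPLE_LISTING" | orphan_delete_commands sql:/etc/ipsec.d
```

Review the printed commands before running them, then re-run `certutil -K` to confirm the orphan entries are gone.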