[Swan] [EXTERNAL] Re: AW: Re: AW: INVALID_ID_INFORMATION
Paul Wouters
paul at nohats.ca
Tue Apr 2 16:35:19 UTC 2019
On Tue, 2 Apr 2019, LAURIA Giuseppe wrote:
> We finally managed to have it running.
Great!
> I did not realize that the NSS database has to be 'correct'! In the past the NSS database was not; i.e. the peer public key was imported, but had the 'Trust Attribute' set to 'CT,,'. This worked in libreswan version libreswan-3.15-7.5.el6_9.x86_64.
To be fair, all your connections showed authby=secret so no NSS database
was used there. So you did lie a bit :)
> certutil -d sql:. -M -n "<peer-cert-nickname>" -t "P,,"
>
>
> "NEW"
> certutil -L -d sql:.
>
> Certificate Nickname Trust Attributes
> SSL,S/MIME,JAR/XPI
>
> <peer-cert-nickname> P,,
That's good to know, I didn't know that. I tend to just generate a CA
and peers.
Paul
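
The trust setting discussed in the quoted message can be checked from a `certutil -L` listing. The script below is an added example, not part of the original thread or of libreswan; the nicknames and the sample listing are constructed, and it assumes the usual listing layout with the trust attributes as the last field on each line.

```shell
#!/bin/sh
# Added example. Nicknames and listing below are constructed sample data.
SAMPLE_LISTING='
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

Example Root CA                              CT,,
peer-east                                    CT,,
peer-west                                    P,,
'

# ssl_trust NICKNAME: read a `certutil -L` listing on stdin and print the
# SSL trust field of NICKNAME; exit status 2 if the nickname is absent.
ssl_trust() {
    awk -v nick="$1" '
        {
            flags = $NF                       # last field: SSL,S/MIME,JAR/XPI
            name = $0                         # nickname may contain spaces
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)
            sub(/^[ \t]+/, "", name)
            if (name == nick && flags ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) {
                split(flags, f, ",")
                print f[1]
                found = 1
                exit
            }
        }
        END { if (!found) exit 2 }'
}

# check_peer NICKNAME: 0 if the SSL field has P and no CA flags (c, C, T),
# 1 if it needs fixing, 2 if the nickname is not in the listing.
check_peer() {
    flags=$(ssl_trust "$1") || { echo "$1: not in listing"; return 2; }
    case "$flags" in
        *[cCT]*) echo "$1: '$flags' has CA flags; fix with:" \
                      "certutil -d sql:. -M -n \"$1\" -t \"P,,\""
                 return 1 ;;
        *P*)     echo "$1: ok ('$flags')"; return 0 ;;
        *)       echo "$1: '$flags' lacks P"; return 1 ;;
    esac
}

for n in peer-east peer-west; do
    printf '%s\n' "$SAMPLE_LISTING" | check_peer "$n" || true
done
```

Against a real database, pipe `certutil -L -d sql:.` into `check_peer` instead of the sample listing.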