<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 21/12/2015 22:30, Paul Wouters
wrote:<br>
</div>
<blockquote
cite="mid:alpine.LFD.2.20.1512211729330.15737@bofh.nohats.ca"
type="cite">
<br>
On Mon, 21 Dec 2015, Nick Howitt wrote:
<br>
<br>
<blockquote type="cite">I've just upgraded to 3.16 and I thought
I'd have a go at IKEv2 on a road warrior but I'm stuck with the
<br>
NSS/certificates bit. I'm trying to use information gleaned from
the Wiki, and use certificates already
<br>
</blockquote>
<br>
Note I updated that page recently to add the sql: prefix to all
nss
<br>
commands using -d.
<br>
</blockquote>
Hmm. It is not what I'm seeing. No references to sql: on the page
(<a class="moz-txt-link-freetext" href="https://libreswan.org/wiki/Using_NSS_with_libreswan">https://libreswan.org/wiki/Using_NSS_with_libreswan</a>)<br>
<blockquote
cite="mid:alpine.LFD.2.20.1512211729330.15737@bofh.nohats.ca"
type="cite">
<br>
<blockquote type="cite">generated on the server for the server and
for OpenVPN. I deleted the old *.db and pkcs11.txt files in
<br>
/etc/ipsec.d then did the following:
<br>
[root@server ipsec.d]# ipsec initnss
<br>
Initializing NSS database
<br>
<br>
[root@server ipsec.d]# certutil -L -d /etc/ipsec.d
<br>
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an
<br>
old, unsupported format.
<br>
</blockquote>
<br>
So that should be: certutil -L -d sql:/etc/ipsec.d
<br>
</blockquote>
That works, thanks.<br>
<blockquote
cite="mid:alpine.LFD.2.20.1512211729330.15737@bofh.nohats.ca"
type="cite">
<br>
<blockquote type="cite"> [root@server ipsec.d]# ipsec import
/etc/pki/CA/server.p12
<br>
Enter password for PKCS12 file:
<br>
pk12util: no nickname for cert in PKCS12 file.
<br>
pk12util: using nickname: server.howitts.lan - ClearOS
<br>
pk12util: PKCS12 IMPORT SUCCESSFUL
<br>
correcting trust bits for ca.server.howitts.lan - ClearOS
<br>
[root@server ipsec.d]# certutil -L -d /etc/ipsec.d
<br>
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an
<br>
old, unsupported format.
<br>
</blockquote>
<br>
Same here.
<br>
<br>
Paul
<br>
</blockquote>
Nick<br>
<br>
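Added example, not part of the original thread or of libreswan: a shell helper that picks the -d argument discussed above (sql: versus the legacy format) from the files present in the NSS directory. It assumes the standard NSS file names (cert9.db/key4.db for the SQLite format, cert8.db/key3.db for legacy DBM); the function names nss_db_format and nss_db_arg are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Classify an NSS database directory by
# the files NSS itself creates:
#   SQLite format ("sql:"):  cert9.db, key4.db, pkcs11.txt
#   legacy DBM    ("dbm:"):  cert8.db, key3.db, secmod.db

# Print one of: sql, dbm, mixed, none
nss_db_format() {
    dir=$1
    has_sql=no
    has_dbm=no
    if [ -f "$dir/cert9.db" ] || [ -f "$dir/key4.db" ]; then has_sql=yes; fi
    if [ -f "$dir/cert8.db" ] || [ -f "$dir/key3.db" ]; then has_dbm=yes; fi
    case "$has_sql/$has_dbm" in
        yes/no)  echo sql ;;
        no/yes)  echo dbm ;;
        yes/yes) echo mixed ;;   # leftovers from an older install next to a new db
        *)       echo none ;;
    esac
}

# Print the value to hand to certutil/pk12util -d.
# Returns non-zero when the directory holds no NSS database at all.
# Assumption: when both formats are present, the SQLite one is the live
# database, since the thread says all NSS commands should use the sql: prefix.
nss_db_arg() {
    case "$(nss_db_format "$1")" in
        sql|mixed) echo "sql:$1" ;;
        dbm)       echo "dbm:$1" ;;
        *)         return 1 ;;
    esac
}

# Usage (not executed here):
#   certutil -L -d "$(nss_db_arg /etc/ipsec.d)"
```

Passing an explicit prefix avoids depending on the NSS build's default database type, which is what produces SEC_ERROR_LEGACY_DATABASE in the transcript above.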
</body>
</html>