<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>Trying to figure out how to import ipsec.secrets or hostkey.secrets into this new NSS database</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">I've been pouring over everything I can find - evidently the ipsec.secrets file and Fedora's hostkey.secrets file is now obsolete? </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">I have an older version of Openswan running on a system that I need to replace with newer hardware. I think the old system was Red Hat Linux 9.0, so it's really old and it might be so old it's running Free S/WAN. The new system will use Fedora 12. Anyway, I want to preserve the .secrets file on the old system with the new system, so I don't have to modify the conn definitions at the branch sites. </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">This used to be easy - just copy the appropriate .secrets file to the new location on the new system. But evidently, this is no longer so straightforward. Looking at an earlier thread that I was hoping could shed some light on the new situation:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">> You need to create/import your certificate in the NSS database. There is </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">> a README.nss in the openswan package that gives details how to do it, </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">> and how to use certificates with NSS.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">></FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">> Avesh</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Wonderful. So where is this readme file? Did the Red Hat</FONT></SPAN><SPAN LANG="en-us"> <FONT FACE="Consolas">folks</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> not include it in their RPM?</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# rpm -qa | grep swan</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">openswan-2.6.25-1.fc12.i686</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name README.nss</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name readme.nss</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name readme.NSS</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name README.NSS</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name *.NSS</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name *.nss</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]#</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]#</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# # Just to make sure my find isn't messed up...</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# touch a.bcd</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]# find / -name *.bcd</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">/root/a.bcd</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">[root@Stylmark-fw2 ~]#</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">I also just have to ask because I haven’t been able to find anything that tells me why - if the old way of doing keys wasn't broken, why change it?</FONT></SPAN><SPAN LANG="en-us"><FONT FACE="Consolas"> And are there any more surprises coming up?</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">Thanks</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Consolas">- Greg Scott</FONT></SPAN></P>
<BR>
</BODY>
</HTML>