[Openswan Users] CKAIDNSS keyword not found where expected in RSA key in /var/log/secure

Greg Scott GregScott at InfraSupportEtc.com
Tue Jul 7 19:43:05 EDT 2009

What does "CKAIDNSS keyword not found where expected in RSA key" mean?
I have an aging system running Linux Openswan U2.4.5/K2.6.18-1.2798.fc6
(netkey).  I am replacing it with a new system running Linux Openswan
U2.6.21/K(no kernel code presently loaded).   The replacement system
will also run netkey, I just have Openswan shut down on it right now.  
So I copied the hostkey.secrets file and appropriate .conf files from
the old to the new system.  When I start IPSEC on the new system, I see
this message in /var/log/secure:
Jul  7 17:59:02 huge-fw pluto[4537]: "/etc/ipsec.d/hostkey.secrets" line
14: CKAIDNSS keyword not found where expected in RSA key

What does this mean?   I am replacing the HQ site and there are a couple
of branch sites in this case.  Did the format of the keys change and do
I need to generate a new key at the HQ site and fiddle with scripts at
all my branch sites to use the new key at the HQ site?
- Greg Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090707/fe421458/attachment.html 

More information about the Users mailing list