[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Greg Scott GregScott at InfraSupportEtc.com
Wed Jul 8 11:47:39 EDT 2009


OK, thanks.

> You need to first create a NSS db as follows
>
> certutil -N -d sql:/etc/ipsec.d

Looking at the help text on an older f10 box to see what certutil -H
does...
.
.
.
-N              Create a new certificate database
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
.
.
.
So I think the command above creates a new certificate database in
/etc/ipsec.d. What is the sql: piece for?  

I am guessing the idea behind this is, I could buy a certificate to
"prove" I am who I claim to be and somehow put it in this database and
then use it to generate my RSA key.  And therefore my key can be trusted -
right?  But in this case, I am making a self-signed certificate, so I
am alleging I am who I claim to be.  Am I close to understanding the
idea behind all this?

If we can hash this out here, I'll be happy to write something up for
the community to use.  

- Greg

