[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Greg Scott GregScott at InfraSupportEtc.com
Wed Jul 8 11:47:39 EDT 2009


> You need to first create a NSS db as follows
> certutil -N -d sql:/etc/ipsec.d

Looking at the help text on an older f10 box to see what certutil -H
-N              Create a new certificate database
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
So I think the command above creates a new certificate database in
/etc/ipsec.d. What is the sql: piece for?  

I am guessing the idea behind this is, I could buy a certificate to
"prove" I am who I claim to be and somehow put it in this database and
then use it to generate my RSA key.  And therefore my key can be trusted
- right?  But in this case, I am making a self signed certificate, so I
am alleging I am who I claim to be.  Am I close to understanding the
idea behind all this?

If we can hash this out here, I'll be happy to write something up for
the community to use.  

- Greg

More information about the Users mailing list