[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Greg Scott
GregScott at InfraSupportEtc.com
Wed Jul 8 11:47:39 EDT 2009
OK,thanks.
> You need to first create a NSS db as follows
>
> certutil -N -d sql:/etc/ipsec.d
Looking at the help text on an older f10 box to see what certutil -H
does...
.
.
.
-N Create a new certificate database
-d certdir Cert database directory (default is ~/.netscape)
-P dbprefix Cert & Key database prefix
.
.
.
So I think the command above creates a new certificate database in
/etc/ipsec.d. What is the sql: piece for?
I am guessing the idea behind this is, I could buy a certificate to
"prove" I am who I claim to be and somehow put it in this database and
then use it to generate my RSA key. And therefore my key can be trusted
- right? But in this case, I am making a self signed certificate, so I
am alleging I am who I claim to be. Am I close to understanding the
idea behind all this?
If we can hash this out here, I'll be happy to write something up for
the community to use.
- Greg
More information about the Users
mailing list