[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Greg Scott GregScott at InfraSupportEtc.com
Wed Jul 8 13:31:09 EDT 2009

> Then create keys as follows
>ipsec newhostkey --configdir /etc/ipsec.d --password <password> 
> --output /etc/ipsec.d/ipsec.secrets  
>(password is needed only if you create NSS database password)

Nothing worthwhile works on the first try I guess.  I created the
database with a blank password, then tried to create a host key.  No
joy.  I tried a couple variations on this but so far no luck.  

[root@huge-fw etc]# certutil -N -d sql:/etc/ipsec.d
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
[root@huge-fw etc]# cd ipsec.d
[root@huge-fw ipsec.d]# ls
cert9.db  hostkey.secrets  hq-ipsec.conf  hq-updown.sh  key4.db
pkcs11.txt  policies  sites.conf
[root@huge-fw ipsec.d]# more /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
[root@huge-fw ipsec.d]# cp hostkey.secrets hostkey.secrets-original
[root@huge-fw ipsec.d]# ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/hostkey.secrets
ipsec rsasigkey: key pair generation failed: "-8126"
[root@huge-fw ipsec.d]#

- Greg

