[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
Greg Scott
GregScott at InfraSupportEtc.com
Wed Jul 8 13:31:09 EDT 2009
> Then create keys as follows
>
>ipsec newhostkey --configdir /etc/ipsec.d --password <password>
> --output /etc/ipsec.d/ipsec.secrets
>(password is need only if you create NSS databse password)
Nothing worthwhile works on the first try I guess. I created the
database with a blank password, then tried to create a host key. No
joy. I tried a couple variations on this but so far no luck.
[root at huge-fw etc]# certutil -N -d sql:/etc/ipsec.d
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
[root at huge-fw etc]# cd ipsec.d
[root at huge-fw ipsec.d]# ls
cert9.db hostkey.secrets hq-ipsec.conf hq-updown.sh key4.db
pkcs11.txt policies sites.conf
[root at huge-fw ipsec.d]# more /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
[root at huge-fw ipsec.d]# cp hostkey.secrets hostkey.secrets-original
[root at huge-fw ipsec.d]# ipsec newhostkey --configdir /etc/ipsec.d
--output /etc/ipsec.d/hostkey.secrets
ipsec rsasigkey: key pair generation failed: "-8126"
[root at huge-fw ipsec.d]#
- Greg
More information about the Users
mailing list