[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
avagarwa at redhat.com
Wed Jul 8 13:47:34 EDT 2009
Greg Scott wrote:
>> Then create keys as follows
>> ipsec newhostkey --configdir /etc/ipsec.d --password <password>
>> --output /etc/ipsec.d/ipsec.secrets
>> (password is need only if you create NSS databse password)
> Nothing worthwhile works on the first try I guess. I created the
> database with a blank password, then tried to create a host key. No
> joy. I tried a couple variations on this but so far no luck.
> [root at huge-fw etc]# certutil -N -d sql:/etc/ipsec.d
> Enter a password which will be used to encrypt your keys.
> The password should be at least 8 characters long,
> and should contain at least one non-alphabetic character.
> Enter new password:
> Re-enter password:
> [root at huge-fw etc]# cd ipsec.d
> [root at huge-fw ipsec.d]# ls
> cert9.db hostkey.secrets hq-ipsec.conf hq-updown.sh key4.db
> pkcs11.txt policies sites.conf
> [root at huge-fw ipsec.d]# more /etc/ipsec.secrets
> include /etc/ipsec.d/*.secrets
> [root at huge-fw ipsec.d]# cp hostkey.secrets hostkey.secrets-original
> [root at huge-fw ipsec.d]# ipsec newhostkey --configdir /etc/ipsec.d
> --output /etc/ipsec.d/hostkey.secrets
> ipsec rsasigkey: key pair generation failed: "-8126"
> [root at huge-fw ipsec.d]#
Which version you are using? I released 2.6.21-5 in F11, and not sure
if it is reached to you yet.
> - Greg
More information about the Users