[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Avesh Agarwal avagarwa at redhat.com
Wed Jul 8 13:47:34 EDT 2009

Greg Scott wrote:
>> Then create keys as follows
>> ipsec newhostkey --configdir /etc/ipsec.d --password <password> 
>> --output /etc/ipsec.d/ipsec.secrets  
>> (password is needed only if you create an NSS database password)
> Nothing worthwhile works on the first try I guess.  I created the
> database with a blank password, then tried to create a host key.  No
> joy.  I tried a couple variations on this but so far no luck.  
> [root@huge-fw etc]# certutil -N -d sql:/etc/ipsec.d
> Enter a password which will be used to encrypt your keys.
> The password should be at least 8 characters long,
> and should contain at least one non-alphabetic character.
> Enter new password:
> Re-enter password:
> [root@huge-fw etc]# cd ipsec.d
> [root@huge-fw ipsec.d]# ls
> cert9.db  hostkey.secrets  hq-ipsec.conf  hq-updown.sh  key4.db
> pkcs11.txt  policies  sites.conf
> [root@huge-fw ipsec.d]# more /etc/ipsec.secrets
> include /etc/ipsec.d/*.secrets
> [root@huge-fw ipsec.d]# cp hostkey.secrets hostkey.secrets-original
> [root@huge-fw ipsec.d]# ipsec newhostkey --configdir /etc/ipsec.d
> --output /etc/ipsec.d/hostkey.secrets
> ipsec rsasigkey: key pair generation failed: "-8126"
> [root@huge-fw ipsec.d]#
Which version are you using?  I released 2.6.21-5 in F11, and am not sure
if it has reached you yet.


> - Greg
