[Openswan Users] Error creating new host key
Paul Wouters
paul at xelerance.com
Fri Nov 13 18:50:35 EST 2009
On Fri, 13 Nov 2009, ubi_maior at infinito.it wrote:
> Hi all,
> if I try to run this command:
> ipsec newhostkey --configdir /etc/ipsec.d --output
> /etc/ipsec.d/hostkeys.secrets --bits 2048
>
> I get this error:
> ipsec rsasigkey: key pair generation failed: "-8037"
If you have the --configdir option, you are using the NSS version.
I am getting the same error with NSS. For me it works if I first
create the nss database, and then supply the password on the command
line:
certutil -N -d /etc/ipsec.d
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/hostkeys.secrets --bits 2048 --password mypasswd
Avesh: do you know how to modify this nss error into a more useful
error message? (eg password missing)
Paul
> It generates the an empty file:
> cat /etc/ipsec.d/hostkeys.secrets
> : RSA {
> }
> # do not change the indenting of that "}"
>
> Could you help me to understand the problem?
>
> Thank You
>
> Regards
>
> Mauro
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list