[Openswan Users] Error creating new host key

Paul Wouters paul at xelerance.com
Fri Nov 13 18:50:35 EST 2009

On Fri, 13 Nov 2009, ubi_maior at infinito.it wrote:

> Hi all,
> if I try to run this command:
> ipsec newhostkey --configdir /etc/ipsec.d  --output
> /etc/ipsec.d/hostkeys.secrets --bits 2048
> I get this error:
> ipsec rsasigkey: key pair generation failed: "-8037"

If you have the --configdir option, you are using the NSS version.

I am getting the same error with NSS. For me it works if I first
create the nss database, and then supply the password on the command

certutil -N -d /etc/ipsec.d 
ipsec newhostkey --configdir /etc/ipsec.d  --output /etc/ipsec.d/hostkeys.secrets --bits 2048 --password mypasswd

Avesh: do you know how to modify this nss error into a more useful
error message? (eg password missing)


> It generates the an empty file:
> cat /etc/ipsec.d/hostkeys.secrets
> : RSA   {
>        }
> # do not change the indenting of that "}"
> Could you help me to understand the problem?
> Thank You
> Regards
> Mauro
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list