[Openswan Users] Error creating new host key

Avesh Agarwal avagarwa at redhat.com
Sat Nov 14 00:30:51 EST 2009


On 11/13/2009 06:50 PM, Paul Wouters wrote:
> On Fri, 13 Nov 2009, ubi_maior at infinito.it wrote:
>
>> Hi all,
>> if I try to run this command:
>> ipsec newhostkey --configdir /etc/ipsec.d  --output
>> /etc/ipsec.d/hostkeys.secrets --bits 2048
>>
>> I get this error:
>> ipsec rsasigkey: key pair generation failed: "-8037"
>
> If you have the --configdir option, you are using the NSS version.
>
> I am getting the same error with NSS. For me it works if I first
> create the nss database, and then supply the password on the command
> line:
>
> certutil -N -d /etc/ipsec.d
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/hostkeys.secrets --bits 2048 --password mypasswd
>
> Avesh: do you know how to modify this nss error into a more useful
> error message? (eg password missing)
>
Meaning of NSS error codes is here 
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html . 
However, I will look into how to make them more meaningful.

Thanks and Regards
Avesh
> Paul
>
>
>
>
>
>> It generates an empty file:
>> cat /etc/ipsec.d/hostkeys.secrets
>> : RSA   {
>>        }
>> # do not change the indenting of that "}"
>>
>> Could you help me to understand the problem?
>>
>> Thank You
>>
>> Regards
>>
>> Mauro
>>
>>


