[Openswan Users] system could not open host cert with nick name, what is that about?

Avesh Agarwal avagarwa at redhat.com
Thu Apr 29 12:06:28 EDT 2010

On 04/29/2010 03:13 AM, Bob Balsover wrote:
> Does anyone know what this error is about?  I have Googled for it and found
> nothing.  I tried including the complete path to the cert, I have tried
> specifying both the cert from the cert directory and the key from the
> private directory, no difference.  I am not passing it a nick name, I am
> specifying the file name so I don't know what the nickname comment is about,
> but none of the documentation that I have read said anything about
> nicknames in the NSS DB whatever that is.
> Does anyone know where the documentation is on this NSS DB as it pertains to
> the openswan ipsec.secrets file is located?
> /var/log/secure:
> Apr 28 23:37:23 gateway pluto[6704]: loading secrets from
> "/etc/ipsec.secrets"
> Apr 28 23:37:23 gateway pluto[6704]:     could not open host cert with nick
> name '/etc/ipsec.d/private/my.key' in NSS DB
> Apr 28 23:37:23 gateway pluto[6704]: "/etc/ipsec.secrets" line 3: NSS
> certficate not found
> /etc/ipsec.secrets:
> : RSA /etc/ipsec.d/private/my.key "passphrase was here"
> #include /etc/ipsec.d/*.secrets

You need to create/import your certificate in the NSS database. There is 
a README.nss in the openswan package that gives details on how to do it, 
and how to use certificates with NSS.


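A check for the condition in the log above, added here as an example and not part of the original thread or of Openswan's own code: it scans ipsec.secrets text for `: RSA` entries whose value looks like a file path, which the NSS-enabled pluto in the log looks up as a certificate nickname. The function name, the path heuristic and the sample nickname `gateway-cert` are assumptions.

```python
import shlex

# Constructed sample: line 2 is the entry from the post; the rest is made up.
SAMPLE = '''\
# constructed sample ipsec.secrets
: RSA /etc/ipsec.d/private/my.key "passphrase was here"
: RSA "gateway-cert"
192.0.2.1 192.0.2.2 : PSK "constructed-secret"
#include /etc/ipsec.d/*.secrets
'''

KEY_SUFFIXES = (".key", ".pem", ".p12")  # assumption: typical key file names


def lint_rsa_entries(text):
    """Return one finding per ': RSA' entry, classifying its value.

    kind is 'file-path' (an NSS build will look this string up as a
    nickname, as in the log above), 'nickname', 'inline-key' or 'unparsable'.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including a commented-out include)
        try:
            tokens = shlex.split(line)  # honours the double-quoted values
        except ValueError:
            findings.append({"line": lineno, "kind": "unparsable", "value": raw})
            continue
        if ":" not in tokens:
            continue
        rest = tokens[tokens.index(":") + 1:]  # skip any selectors before ':'
        if len(rest) < 2 or rest[0] != "RSA":
            continue
        value = rest[1]
        if value == "{":
            kind = "inline-key"
        elif "/" in value or value.lower().endswith(KEY_SUFFIXES):
            kind = "file-path"
        else:
            kind = "nickname"
        # extra_tokens counts anything after the value, e.g. a passphrase
        findings.append({"line": lineno, "kind": kind, "value": value,
                         "extra_tokens": len(rest) - 2})
    return findings


if __name__ == "__main__":
    for f in lint_rsa_entries(SAMPLE):
        print(f)
```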