[Openswan Users] system could not open host cert with nick name, what is that about?
Avesh Agarwal
avagarwa at redhat.com
Thu Apr 29 12:06:28 EDT 2010
On 04/29/2010 03:13 AM, Bob Balsover wrote:
> Does anyone know what this error is about? I have Googled for it and found
> nothing. I tried including the complete path to the cert, I have tried
> specifying both the cert from the cert directory and the key from the
> private directory, no difference. I am not passing it a nick name, I am
> specifying the file name so I don't know what the nickname comment is about,
> but none of the documentation that that I have read said anything about
> nicknames in the NSS DB whatever that is.
>
> Does anyone know where the documentation is on this NSS DB as it pertains to
> the openswan ipsec.secrets file is located?
>
> /var/log/secure:
>
> Apr 28 23:37:23 gateway pluto[6704]: loading secrets from
> "/etc/ipsec.secrets"
> Apr 28 23:37:23 gateway pluto[6704]: could not open host cert with nick
> name '/etc/ipsec.d/private/my.key' in NSS DB
> Apr 28 23:37:23 gateway pluto[6704]: "/etc/ipsec.secrets" line 3: NSS
> certficate not found
>
> /etc/ipsec.secrets:
>
> : RSA /etc/ipsec.d/private/my.key "passphrase was here"
>
> #include /etc/ipsec.d/*.secrets
>
>
>
You need to create/import your certificate in the NSS database. There is
a README.nss in the openswan package that gives details how to do it,
and how to use certificates with NSS.
Avesh
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list