[Openswan Users] Problem: certutil: unable to decode trust string ....
Jobst Schmalenbach
jobst at barrett.com.au
Fri Dec 24 03:02:17 EST 2010
Hi.
Machines are CentOS 5.4. I want a NET-to-NET setup; this is what I did:
on both machines:
certutil -N -d /etc/ipsec.d
then on machine 1:
certutil -S -k rsa -n cacert1 -s "CN=cacert1" -v 12 -d . -t "C,C,C" -x -d /etc/ipsec.d
pk12util -o cacert1.p12 -n cacert1 -d /etc/ipsec.d
scp cacert1.p12 machine2:/tmp
then on machine 2:
cd /etc/ipsec.d
mv /tmp/cacert1.p12 .
pk12util -i cacert1.p12 -d /etc/ipsec.d
certutil -M -n cacert1 -t "C, C, C" -d /etc/ipsec.d
ERROR:
certutil: unable to decode trust string: Peer's Certificate has expired.
I understand that I need to create a new certificate, but where?
Which one does NSS use?
Do I use openssl?
Can I use a REAL one from Apache?
Jobst
--
* help! I've fallen over and I can't SIGHUP!
| |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia