[Openswan Users] nss DH woes

Tuomo Soini tis at foobar.fi
Mon Aug 1 04:19:32 EDT 2011


On Fri, 29 Jul 2011 20:21:58 -0700
Kevin Keane <subscription at kkeane.com> wrote:

> I found my problem. It was a misconfiguration.
> 
> There still is a bug here: openswan fails very ungracefully in this
> situation, and the error messages give no hint as to what actually is
> wrong.
> 
> My nsspassword file was wrong. It should contain ONLY the password. I
> had a prefix in it, as follows:
> 
> NSS FIPS 140-2 Certificate DB:XXXXXXXXXXXXXXXXX

This is correct way to define password.

nsspassword requires the prefix.

If your setup works without prefix it means you have nss db without
password set. Documentation is correct here. Generally what you did was
same than removing nsspassword file.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>


More information about the Users mailing list