[Openswan Users] How do I import an existing *.secrets file into an NSS database?

Greg Scott GregScott at Infrasupport.com
Wed Feb 9 17:38:53 EST 2011


This should be easy but I sure haven't figured out how to do it - I have
a tunnel with an existing config, about 3 or so years old, that I want
to upgrade to the newest version.  This site uses a hostkey.secrets file
with its own private key.  The tunnels use pre-shared keys - no
certificates - and this branch site is old enough that it predates all
the NSS stuff.  But now I need to upgrade it and I would prefer to keep
using the private key I already have in place.

So now we have this NSS database that's supposed to hold all the crypto
stuff and the latest versions of IPSEC look there instead of the raw
files we used to use.

I know how to build a new, empty NSS database and put it in /etc/ipsec.d
like this:

certutil -N -d /etc/ipsec.d

I know how to generate a new private key and populate my new NSS
database:

ipsec newhostkey --configdir /etc/ipsec.d \
                --output /etc/ipsec.d/hostkey.secrets \
                --verbose \
                --hostname myhost

But what if I already have a private key named hostkey.secrets and I
want to keep using it?  How do I import an existing hostkey.secrets file
into an NSS database?

Thanks

- Greg Scott
