On Sun, Apr 30, 2017 at 11:19 PM, Paul Wouters <p...@nohats.ca> wrote: > On Sat, 29 Apr 2017, Muenz, Michael wrote: > >> but on the last command ipsec "import debian.p12" I get a: >> >> Enter password for PKCS12 file: >> pk12util: PKCS12 IMPORT SUCCESSFUL >> certutil: Could not find cert: NOC CA >> : PR_FILE_NOT_FOUND_ERROR: File not found >> >> The CA is there: >> root@debian:~# certutil -L -d test/ >> >> Certificate Nickname Trust >> Attributes >> SSL,S/MIME,JAR/XPI >> >> mobile u,u,u >> NOC CA CTu,u,u >> debian u,u,u > > > CTu,u,u looks weird. This is normally just CT,, > That will show up on the DB that the CA was created with (in test/), as the CA's private key is there. But the PR_FILE_NOT_FOUND_ERROR makes it seem like the CA cert could just not be imported from the p12. A corrupt p12 file maybe?
> Note "ipsec import" works against /etc/ipsec.d per default. same for > "ipsec initnss", so I'm not sure how that relates to your "test/" > directory. > >> And also when I extract the .p12 with openssl the CA certificate is >> included. >> What exactly does this error mean? Will I have to execute the command in a >> different folder? > > > The PKCS#12 file should contain the CA cert, the EE cert and the private > key. > > Paul > > _______________________________________________ > Swan mailing list > Swan@lists.libreswan.org > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan