Debian’s nss db lives in /var/lib/ipsec/nss instead of /etc/ipsec.d

> On Nov 27, 2019, at 22:39, MARSON Ismenia <[email protected]> wrote:
>
> Hi all,
>
> I'm using libreswan on debian10, I want to do ipsec with certificate
> exchange.
>
> I follow these instructions:
> https://github.com/libreswan/libreswan/blob/master/docs/nss-howto.txt
>
> But libreswan doesn't recognize my user certificate:
>
> The error is:
>
> root@XXX:/etc/ipsec.d# ipsec auto --add mytunnel
> 000 left certificate with nickname 'usercert1' was not found in NSS DB
>
> But when I list my certificates with certutil I see this:
>
> root@XXX:/etc/ipsec.d# certutil -L -d /etc/ipsec.d
>
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
>
> ipsec-client.ads.local - LOCAL                               u,u,u
> cacert1                                                      Cu,Cu,Cu
> usercert1                                                    u,u,u
>
> => the certificate is in NSS DB so I don't understand what the problem is.
>
> My conf file is like:
>
> root@XXX:/etc/ipsec.d# less my_host-to-host.conf
> conn mytunnel
>     left="IP_left"
>     leftid="CN=usercert1"
>     leftsourceip="IP_left"
>     leftrsasigkey=%cert
>     leftcert=usercert1
>     leftnexthop="IP_right"
>     right="IP_right"
>     rightid="CN=usercert2"
>     rightsourceip="IP_right"
>     rightrsasigkey=%cert
>     rightnexthop="IP_left"
>     rekey=no
>     esp="aes-sha1"
>     ike="aes-sha1"
>     auto=add
>
> Can you help me please?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
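
The check implied by the reply above, as an added example that is not part of the original thread and not libreswan's own tooling: a shell helper that reports which of the two directories named in the thread actually lists a given certificate nickname. The function names are hypothetical; it assumes `certutil` from the NSS tools and an SQL-format database (`cert9.db`).

```shell
#!/bin/sh
# Added example: locate the NSS DB directory that holds a certificate nickname.
# The candidate directories are the two mentioned in this thread.
CANDIDATES="/var/lib/ipsec/nss /etc/ipsec.d"

# has_nssdb DIR: succeed if DIR contains an SQL-format NSS certificate DB.
has_nssdb() {
    [ -f "$1/cert9.db" ]
}

# nick_in_listing NICK: read `certutil -L` output on stdin and succeed only if
# a row's nickname column equals NICK exactly (nicknames may contain spaces).
nick_in_listing() {
    awk -v want="$1" '
        # Data rows end in a trust-flags field such as "u,u,u" or "Cu,Cu,Cu".
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            line = $0
            sub(/ +[^ ]+ *$/, "", line)     # strip padding and trust column
            if (line == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# locate_cert NICK [DIR...]: print every directory whose NSS DB lists NICK.
# With no DIR arguments, the two directories from the thread are checked.
locate_cert() {
    nick=$1
    shift
    [ $# -gt 0 ] || set -- $CANDIDATES
    for dir in "$@"; do
        has_nssdb "$dir" || continue
        if certutil -L -d "sql:$dir" 2>/dev/null | nick_in_listing "$nick"; then
            echo "$dir"
        fi
    done
    return 0
}

# Run as: sh script.sh usercert1
if [ $# -gt 0 ]; then
    locate_cert "$@"
fi
```

If the nickname is printed only for `/etc/ipsec.d`, the certificate was imported into a database that the Debian package does not read.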
