Description of problem:
After installing libreswan, the certdb has to be recreated manually, otherwise creating keys fails.

Version-Release number of selected component (if applicable):
Fedora 19

How reproducible:
always

Steps to Reproduce:
1. ipsec rsasigkey --verbose 4096 --configdir /etc/ipsec.d/ --random /dev/urandom

Actual results:
getting 60 random bytes from /dev/urandom...
ipsec rsasigkey: key pair generation failed: "-8037"

Expected results:
getting 60 random bytes from /dev/urandom...
Generated RSA key pair using the NSS database
output...

Additional info:
Recreating the certdb solves this issue:
# rm -f /etc/ipsec.d/*.db; certutil -N -d /etc/ipsec.d
It seems that when the pluto NSS is not initialised (which we cannot automate due to certutil -N -d /etc/ipsec.d not accepting a blank password or a password file) and pluto starts, it creates some kind of *db files which are not usable. Later running rsasigkey to add a key to the database then fails, and these *db files have to be deleted. I will talk to the nss people and see if they have a solution that might work.
This was fixed in 3.7.