Package: libnss3-tools 
Version: 2:3.41-1

Distributor ID: Debian
Description:    Debian GNU/Linux buster/sid
Release:        testing
Codename:       buster

Hello,

Seems I've run into a bug in libnss3-tools in Debian Buster.

I'm following this tutorial to generate certificates for IPSec (into an NSS 
database) and to export them in PKCS12 format for transfer to another system 
(my IPSEC client).

https://libreswan.org/wiki/HOWTO:_Using_NSS_with_libreswan#Using_certificates_with_NSS

On Debian Buster, which is where I need this to work, pk12util 2:3.41-1 is 
unable to export certificates.

LibreSwan sets up an NSS database in sql:/var/lib/ipsec/nss/ - but the error 
can be reproduced in a whole separate directory using "-d sql." 

Steps:

1 - Generate CA

certutil -S -k rsa -n "ExampleCA" -s "CN=Example CA Inc" -v 120 -t "CT,C,C" -x -d sql:.

Output:

Continue typing until the progress meter is full:
.... etc ...

2 - Generate user cert

certutil -S -k rsa -c "ExampleCA" -n "user1" -s "CN=User Common Name" -v 12 -t "u,u,u" -d sql:.

Output:

Continue typing until the progress meter is full:
.... etc ...

3 - List certificates

certutil -d sql:. -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ExampleCA                                                    CTu,Cu,Cu
user1                                                        u,u,u

4 - Try to export certificate user1

pk12util -d sql:. -o user1.p12 -n user1
Error attempting to export certificates.

This is the error I'm reporting.

That's the whole message - there is no explanation of what the error is and how to 
fix it.

----

Same exact steps on Ubuntu 18.10 with libnss3-tools 2:3.36.1-1ubuntu1 - 
exporting works:

pk12util -d . -o user1.p12 -n user1
Enter password for PKCS12 file: 
Re-enter password: 
pk12util: PKCS12 EXPORT SUCCESSFUL


Thanks,
-- 
Kostya Vasilyev
k...@fastmail.com
