/testing/guestbin/swan-prep --x509
Preparing X.509 files
east #
 ipsec certutil -D -n west
east #
 ipsec certutil -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      <<CKAID#1>>   east
east #
 ipsec showhostkey --list
< 1> RSA keyid: <<KEYID#1>> ckaid: <<CKAID#1>>
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add nss-cert
"nss-cert": added IKEv1 connection
east #
 ipsec auto --status |grep nss-cert
"nss-cert": 192.0.2.254/32===192.1.2.23[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...192.1.2.45[%fromcert]===192.0.1.254/32; unrouted; my_ip=192.0.2.254; their_ip=192.0.1.254;
"nss-cert":   host: oriented; local: 192.1.2.23; remote: 192.1.2.45;
"nss-cert":   mycert=east; my_updown=ipsec _updown;
"nss-cert":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
"nss-cert":   our auth:rsasig, their auth:rsasig, our autheap:none, their autheap:none;
"nss-cert":   modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, cat:unset;
"nss-cert":   sec_label:unset;
"nss-cert":   CAs: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'...'%any'
"nss-cert":   ike_life: 28800s; ipsec_life: 28800s; ipsec_max_bytes: 2^63B; ipsec_max_packets: 2^63; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%;
"nss-cert":   retransmit-interval: 9999ms; retransmit-timeout: 99s; iketcp:no; iketcp-port:4500;
"nss-cert":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
"nss-cert":   policy: IKEv1+RSASIG+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES;
"nss-cert":   conn_prio: 32,32; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
"nss-cert":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:no;
"nss-cert":   our idtype: ID_DER_ASN1_DN; our id=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org; their idtype: %fromcert; their id=%fromcert
"nss-cert":   dpd: passive; delay:0s; timeout:0s
"nss-cert":   nat-traversal: encapsulation:auto; keepalive:20s; ikev1-method:rfc+drafts
"nss-cert":   routing: unrouted;
"nss-cert":   conn serial: $1;
east #
 echo "initdone"
initdone
east #
 ipsec certutil -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
east                                                         u,u,u
Libreswan test CA for mainca - Libreswan                     CT,, 
road                                                         P,,  
north                                                        P,,  
hashsha1                                                     P,,  
west-ec                                                      P,,  
nic                                                          P,,  
east #
 ipsec auto --listall
 
List of Public Keys:
 
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_USER_FQDN 'user-east@testing.libreswan.org'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_FQDN '@east.testing.libreswan.org'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_USER_FQDN 'east@testing.libreswan.org'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_IPV4_ADDR '192.1.2.23'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
TIMESTAMP, 3072 RSA Key AwXXXXXXX (has private key), until TIMESTAMP ok
       ID_IPV6_ADDR '2001:db8:1:2::23'
       Issuer 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
 
List of Pre-shared secrets (from /etc/ipsec.secrets)
 
    0: RSA (none) (none)
       ckaid: <<CKAID#1>>
 
List of X.509 End Certificates:
 
End certificate "east" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  3072 bit RSA: has private key
 
End certificate "road" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  3072 bit RSA
 
End certificate "north" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  3072 bit RSA
 
End certificate "hashsha1" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=hashsha1.testing.libreswan.org, E=user-hashsha1@testing.libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  3072 bit RSA
 
Root End certificate "west-ec" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ec.testing.libreswan.org, E=testing@libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west-ec.testing.libreswan.org, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  384 bit(other)
 
End certificate "nic" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nic.testing.libreswan.org, E=user-nic@testing.libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  3072 bit RSA
 
List of X.509 CA Certificates:
 
Root CA certificate "Libreswan test CA for mainca - Libreswan" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  issuer: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
  not before: TIMESTAMP
  not after: TIMESTAMP
  2048 bit RSA
 
List of CRLs:
 
east #
 

