/testing/guestbin/swan-prep
east #
 # always zap and recreate special comma certs
east #
 rm /etc/ipsec.d/*.*
east #
 /testing/x509/nss-certs.sh
++ dirname /testing/x509/nss-certs.sh
+ nssdir=/testing/x509/nss
++ dirname /testing/x509/nss-certs.sh
+ mydir=/testing/x509
+ mkdir -p /testing/x509/nss
+ rm -f '/testing/x509/nss/*'
+ ipsec initnss --nssdir /testing/x509/nss
Initializing NSS database
+ echo dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk
+ certutil -S -k rsa -n cacert -s CN=cacert -v 12 -d . -t C,C,C -x -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
+ certutil -S -k rsa -c cacert -n client --extSAN dns:client.libreswan.org -m 101 -s 'C=CZ, ST=Moravia, L=Brno, O=Test Example, OU="Global, Support, Services", CN=client' -v 12 -t u,u,u -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
+ certutil -S -k rsa -c cacert -n server --extSAN dns:server.libreswan.org -m 102 -s 'C=CZ, ST=Moravia, L=Brno, O=Test Example, OU="Global, Support, Services", CN=server' -v 12 -t u,u,u -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
+ pk12util -o /testing/x509/nss/client.p12 -n client -d sql:/testing/x509/nss -W foobar -K foobar
pk12util: PKCS12 EXPORT SUCCESSFUL
+ pk12util -o /testing/x509/nss/server.p12 -n server -d sql:/testing/x509/nss -W foobar -K foobar
pk12util: PKCS12 EXPORT SUCCESSFUL
+ certutil -S -k rsa -n cacertX -s CN=cacertX -v 12 -d . -t C,C,C -x -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
+ certutil -S -k rsa -c cacertX -n clientX --extSAN dns:clientX.libreswan.org -m 103 -s 'C=CZ, ST=Moravia, L=Brno, O=Test Example, OU="Global Support Services", CN=clientX' -v 12 -t u,u,u -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
+ certutil -S -k rsa -c cacertX -n serverX --extSAN dns:serverX.libreswan.org -m 104 -s 'C=CZ, ST=Moravia, L=Brno, O=Test Example, OU="Global Support Services", CN=serverX' -v 12 -t u,u,u -d sql:/testing/x509/nss -z /testing/x509/nss/cert.noise -f /testing/x509/nss-pw
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
+ pk12util -o /testing/x509/nss/clientX.p12 -n clientX -d sql:/testing/x509/nss -W foobar -K foobar
pk12util: PKCS12 EXPORT SUCCESSFUL
+ pk12util -o /testing/x509/nss/serverX.p12 -n serverX -d sql:/testing/x509/nss -W foobar -K foobar
pk12util: PKCS12 EXPORT SUCCESSFUL
east #
 ipsec initnss > /dev/null 2> /dev/null
east #
 pk12util -i /testing/x509/nss/server.p12 -d sql:/etc/ipsec.d -K 'foobar' -W 'foobar'
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 certutil -M -d sql:/etc/ipsec.d -n cacert -t 'CT,,'
east #
 ipsec start
Redirecting to: [initsystem]
east #
 /testing/pluto/bin/wait-until-pluto-started
east #
 ipsec auto --add x509
002 added IKEv2 connection "x509"
east #
 echo "initdone"
initdone
east #
 
