Solaris 9 ssl/tls setup. (security library: bad database.)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have successfully gotten solaris 9 (patched with recommended patches)
to work without using ssl/tls, but can't seem to get ssl/tls working.
I've read the following:

http://directory.fedora.redhat.com/wiki/Howto:SolarisClient
and this
http://forum.sun.com/thread.jspa?threadID=12811&tstart=30

And multiple other links to getting this working, but can't seem to get
it to initialize the database.  Everything in my ldap directory appears
to be setup, being that redhat and freebsd with ssl work without issues,
and solaris 9 works without tls/ssl, so the issue, I assume, is with the
*.db files in /var/ldap.

bash-3.00# pwd
/var/ldap
bash-3.00# ls -l *.db
-r--r--r--   1 root     other      65536 Dec 20 11:07 cert8.db
-r--r--r--   1 root     other      16384 Dec 20 11:07 key3.db
-r--r--r--   1 root     other      32768 Dec 20 10:26 secmod.db
bash-3.00# id mmontgomery
Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:15:47 solarisldap last message repeated 1 time
Dec 20 11:15:47 solarisldap nscd[1774]: libsldap: Status: 7  Mesg: Session error no available conn.
id: invalid user name: "mmontgomery"

bash-3.00# ldapclient -v manual -a authenticationMethod=tls:simple -a credentia
lLevel=proxy  -a defaultSearchBase="dc=*****,dc=*********,dc=***"  -a domainNa
me=********** -a followReferrals=false  -a preferredServerList=10.5.1.18 -a
serviceAuthenticationMethod=pam_ldap:tls:simple  -a proxyPassword=******* -a
proxyDn=cn=proxyagent,ou=profile,dc=******,dc=*****,dc=****

Everything works fine up until this point:

start: /usr/lib/ldap/ldap_cachemgr... success
Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap automount[1770]: libsldap: Status: 7  Mesg: Session error no available conn.
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1777]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:21 solarisldap last message repeated 1 time
Dec 20 11:13:21 solarisldap sendmail[1778]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1777]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7  Mesg: Session error no available conn.
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Dec 20 11:13:22 solarisldap last message repeated 1 time
Dec 20 11:13:22 solarisldap sendmail[1778]: libsldap: Status: 7  Mesg: Session error no available conn.
start: /etc/init.d/sendmail start... success
System successfully configured

I've used a netscape browser to get my Cert from the FDS, and scp'd the
key3.db, and cert8.db files to the solaris client.  From what I can
tell, it can read these files:

bash-3.00# /usr/local/bin/certutil -L -d .
server-cert                                                  P,,
bash-3.00# /usr/local/bin/certutil -L -d . -n "server-cert"
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1001 (0x3e9)
        Signature Algorithm: PKCS #1 MD5 With RSA Encryption
        Issuer: CN=CAcert
        Validity:
            Not Before: Mon Dec 19 20:33:04 2005
            Not After: Sat Mar 19 20:33:04 2016
        Subject: CN=server-cert
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b7:07:1a:32:33:38:c9:22:53:30:13:07:15:a6:2e:74:
                    b3:c8:26:bd:84:1f:97:57:b6:3d:56:13:5c:90:a2:56:
                    ff:52:ce:4c:d3:54:c5:7a:ab:94:2e:fc:17:7c:18:69:
                    d1:df:e4:88:68:c6:aa:c2:14:21:a7:27:c7:4b:45:19:
                    89:c3:9f:8f:2b:22:69:b6:9e:3b:0b:84:b4:78:66:d7:
                    84:f5:17:f0:12:bc:56:d4:20:34:86:49:02:2a:9f:22:
                    9c:c2:3b:c2:48:5c:c1:df:7d:22:19:8f:3d:9b:c2:83:
                    1b:0f:f1:92:be:70:d2:95:15:cf:f0:0c:3e:74:78:4b
                Exponent: 65537 (0x10001)
    Fingerprint (MD5):
        D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
    Fingerprint (SHA1):
        DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09

    Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Signature:
        2c:5c:60:05:f0:97:30:9c:57:a3:87:69:75:26:71:b2:
        e7:7d:c8:eb:36:35:bd:e6:9f:db:4d:0f:23:75:e0:bc:
        76:4d:aa:ae:7f:9c:ac:e4:c0:35:7d:5f:22:4e:52:40:
        fb:3f:bf:a8:8d:50:b3:00:9b:73:bf:2b:54:84:14:8a:
        c1:00:52:95:e6:47:98:78:5d:cb:ff:76:50:cc:94:09:
        53:13:b9:11:4e:eb:c8:1a:88:dd:42:76:dd:6c:32:7d:
        1a:17:c1:a2:fd:03:e2:47:12:84:c3:72:da:b1:05:61:
        3b:d6:26:99:1d:e6:b9:48:7a:ca:96:98:22:ce:bc:70
    Certificate Trust Flags:
        SSL Flags:
            Valid Peer
            Trusted
        Email Flags:
        Object Signing Flags:

Anybody have any ideas what I may be missing here?

Thanks again.
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux