I was installing old netscape-communicator when I posted last, and the db's it created got me further: Dec 20 12:07:02 solarisldap nscd[2100]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 85 Mesg: openConnection: simple bind failed - Timed out Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 7 Mesg: Session error no available conn. So at least I got here... I'll look around some more to try and disable this verifycertname crap, or re-create the cert correctly. Thanks again. On Tue, 2005-12-20 at 12:09 -0600, Michael Montgomery wrote: > Thanks, I'll give these a shot... > > On Tue, 2005-12-20 at 10:03 -0800, George Holbert wrote: > > > > > > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db. > > > > Furthermore, > > Some versions of certutil will generate a certificate DB called > > cert7.db, but Solaris still won't like it. > > > > I've found that certutil as bundled in the Sun DSRK works well for > > generating Solaris client cert DBs: > > http://www.sun.com/download/products.xml?id=3f74a0db > > > > NSS 3.3.2 should also work: > > http://www.mozilla.org/projects/security/pki/nss/release_notes_332.html > > > > >
