On Tue, 2005-12-20 at 12:06 -0600, Michael Montgomery wrote: > Thanks for the info... but > > I don't have netscape installed on this solaris server, so i can't use > it to create the db. I found a certutil package that seems to create > old db files here: > > http://www.gurulabs.com/goodies/downloads.php > > I guess I could install a really old version of netscape on my desktop > machine, and use it, but is there an easier way to go about this, as > trying to import the server cert gives this: > > bash-3.00# /usr/local/bin/certutil -A -n "CA certificate" > -i /root/cert.crt -t > "CTu,u,u" > certutil: could not obtain certificate from file: Failure to load > dynamic library. George Holbert's reply has some links you might try. I think that if you use the "Install Everything + OEM" aka SUNWCXall installation option for Solaris 9, you should also have the sunone directory server software installed. It might (can't remember for sure at the moment) have a certutil you can use. grep certutil /var/sadm/install/contents would tell you for sure. I have also noticed that certutil is picky about where it runs, and needs a library in cwd when you run it in some instances (seen this with SunOne Directory Server 5.2 running under linux, look at the ~dsroot/alias dir as it has a .so lib there for certutil IIRC). Good luck. If you have any issues once getting it in cert7.db format with your SSL connections just shout. At my day job, I currently have 300+ Solaris 8/Solaris 9 servers running in tls:simple mode. > > Thanks again for any help you can offer. No problem. Sorry for being short on the first email (and thanks George for covering my lack of additional info), was short on time, and wanted to get the info about cert7.db out. Jamie
