Hi all, I'm generating new *.db files for my server, where I will install a new root ca, and a new server cert (new *.db files allows me to easily test and back out). I have a couple of questions about *.db files and how FDS uses them: 1. When I use certutil -N to create the new db files, is the value I give to the '-P' flag arbitrary, or does the server look for a specific value based on instance name or something? I have new files called 'slapd-ldap-cert8.db' and 'slapd-ldap-key3.db', because I thought this prefix value was arbitrary, but FDS fails to start because it says that files ' slapd-ldap-testbox-cert8.db' and 'slapd-ldap-testbox-key3.db' are missing. Those are the *old* db file names. 2. Related to 1, how do I (from the command line) change what files FDS looks for? Is this possible? Recommended? 3. Is it true that I cannot reuse a signed server certificate in a newly created database, even if the new database has the same root ca installed as the old one? I need to generate a request every time I run certutil -N? 4. Are there other rules that these files have to conform to in order for the server to start up? Are there docs on this that I've missed? Links? I've seen the mozilla NSS docs, but they're mostly for developers (except for the decent certutil reference), and the RHDS docs do everything from the GUI as far as I've seen. Thanks. brian. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060710/a9321407/attachment.html