are you sure you have the certificate (and key) named Server-Cert? You can check by doing a certutil -d . -P slapd-myserver- -L in the alias directory. I just created an empty security database, and did a pk12util. It correctly reported your error. --- [root at cseng tmp]# certutil -d . -N Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: [root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert Enter Password or Pin for "NSS Certificate DB": pk12util: find user certs from nickname failed: security library: bad database. --- thomas Glenn wrote: >I'm trying to get Windows Sync working on an evaluation copy of Red Hat >Directory Server 7.1 SP3. I am stuck at the step where you export the >directory server's certificate to a file. I use this command: > >./pk12util -d . -P slapd-myserver- -o servercert.pfx -n Server-Cert > >The response is: > >Enter Password or Pin for "NSS Certificate DB" > >After I enter the password, I get this error message: > >pk12util-bin: find user certs from nickname failed: security library: bad >database. > >I have followed all the instructions for setting up SSL in the directory >server and the admin server several times. The server and CA certificates >have been requested and installed. Everything looks correct in the console >screens. The slapd-myserver-cert8.db and slapd-myserver-key3.db files >exist. I got tired of retyping the path to the pk12util file, so I copied >it to the alias directory containing the certificates and databases. > >What are some things I can try to get pk12util working? Or is there another >way to export the certificate and key so that I can import them into the >Windows certificate store? Could this be an NSS problem? Should I look for >an NSS update? > >I will try just about anything, but the boss is real keen on using Red Hat, >as he believes the longer development cycle will make it easier to maintain >in the long run. However, if Fedora Directory Server is the only option >that works, I may be able to present it that way. I apologize for the off- >topic question, but there doesn't seem to be any support for the evaluation >of RHDS. Thanks. -Glenn. > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3233 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061115/b4444aaf/attachment.bin
