Thanks to all for the quick replies. The problem was indeed that the correct nickname is "server-cert", not "Server-Cert". I am sure I tried this yesterday, but I guess that was yesterday. This command does not work: certutil -L -d . -P slapd-myserver- It returns this error: certutil-bin: NSS_Initialize failed: An I/O error occurred during security authorization. Part of the difficulty with certificates seems to be that the documentation for the utilities is so sparse. If I knew that the nickname referred to the name of a certificate rather than the name of the database file, this might have been helpful. I checked up2date, and it did download something called "nss-ldap", but this does not seem to have made a difference. I would like to be able to use certutil, so if you can think of any reasons why it is not working, please share. Thanks again for your help. -Glenn. ---------- Original Message ----------- From: Thomas Kwan <nkwan at redhat.com> To: "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com> Sent: Wed, 15 Nov 2006 08:23:59 -0800 Subject: Re: pk12util error > are you sure you have the certificate (and key) named Server-Cert? > You can check by doing a certutil -d . -P slapd-myserver- -L in > the alias directory. > > I just created an empty security database, and did a pk12util. > It correctly reported your error. > > --- > [root at cseng tmp]# certutil -d . -N > Enter a password which will be used to encrypt your keys. > The password should be at least 8 characters long, > and should contain at least one non-alphabetic character. > > Enter new password: > Re-enter password: > [root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert > Enter Password or Pin for "NSS Certificate DB": > pk12util: find user certs from nickname failed: security library: > bad database. > --- > > thomas >
