certutil is one of the utilities from Mozilla's NSS project.
Check this page out for certutil usage:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

Regarding your error, can you make sure you run certutil in your
alias directory, and check if you have files named
slapd-myserver-cert8.db, slapd-myserver-key3.db?

-L specifies the directory where you have your security databases
(cert8.db, key3.db, secmod.db)
-P specifies the prefix to the security database files

thomas

Glenn wrote:

>Thanks to all for the quick replies. The problem was indeed that the
>correct nickname is "server-cert", not "Server-Cert". I am sure I tried
>this yesterday, but I guess that was yesterday. This command does not work:
>
>certutil -L -d . -P slapd-myserver-
>
>It returns this error:
>
>certutil-bin: NSS_Initialize failed: An I/O error occurred during security
>authorization.
>
>Part of the difficulty with certificates seems to be that the documentation
>for the utilities is so sparse. If I knew that the nickname referred to the
>name of a certificate rather than the name of the database file, this might
>have been helpful.
>
>I checked up2date, and it did download something called "nss-ldap", but this
>does not seem to have made a difference.
>
>I would like to be able to use certutil, so if you can think of any reasons
>why it is not working, please share. Thanks again for your help. -Glenn.
>
>
>---------- Original Message -----------
>From: Thomas Kwan <nkwan at redhat.com>
>To: "General discussion list for the Fedora Directory server project."
><fedora-directory-users at redhat.com>
>Sent: Wed, 15 Nov 2006 08:23:59 -0800
>Subject: Re: pk12util error
>
>>are you sure you have the certificate (and key) named Server-Cert?
>>You can check by doing a certutil -d . -P slapd-myserver- -L in
>>the alias directory.
>>
>>I just created an empty security database, and did a pk12util.
>>It correctly reported your error.
>>
>>---
>>[root at cseng tmp]# certutil -d . -N
>>Enter a password which will be used to encrypt your keys.
>>The password should be at least 8 characters long,
>>and should contain at least one non-alphabetic character.
>>
>>Enter new password:
>>Re-enter password:
>>[root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
>>Enter Password or Pin for "NSS Certificate DB":
>>pk12util: find user certs from nickname failed: security library:
>>bad database.
>>---
>>
>>thomas
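
The two failures in this thread (a -P prefix whose database files cannot be opened, and a nickname that differs only in case) can be checked before running certutil or pk12util. The script below is an added example, not part of the original messages or of NSS; the function names and the sample listing format ("nickname, whitespace, trust flags") are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks before certutil/pk12util.
# Assumes the cert8.db/key3.db file names used in the thread.

# nss_db_prefixes DIR: for every <prefix>cert8.db in DIR, print
# "<prefix> ok|missing-key|unreadable" so the right -P value is visible.
nss_db_prefixes() {
    dir=$1
    for cert in "$dir"/*cert8.db; do
        [ -e "$cert" ] || continue            # glob matched nothing
        base=${cert##*/}
        prefix=${base%cert8.db}
        key="$dir/${prefix}key3.db"
        if [ ! -e "$key" ]; then
            state=missing-key
        elif [ ! -r "$cert" ] || [ ! -r "$key" ]; then
            state=unreadable
        else
            state=ok
        fi
        printf '%s %s\n' "${prefix:-<none>}" "$state"
    done
}

# nss_check_prefix DIR PREFIX: succeed only if both database files are readable.
nss_check_prefix() {
    [ -r "$1/${2}cert8.db" ] && [ -r "$1/${2}key3.db" ]
}

# nss_match_nickname WANTED: read a "certutil -L" listing on stdin and print
# nicknames equal to WANTED ignoring case. Assumes each entry is
# "<nickname><whitespace><trust flags>", e.g. "server-cert   u,u,u".
nss_match_nickname() {
    awk -v want="$1" '
        NF >= 2 {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop trust-flags column
            sub(/^[ \t]+/, "", nick)                # drop leading indent
            if (tolower(nick) == tolower(want)) print nick
        }'
}

# Stand-alone use: ./nss-preflight.sh /path/to/alias
if [ "$#" -ge 1 ]; then nss_db_prefixes "$1"; fi
```

Once the prefix check passes, the listing can be piped in as `certutil -L -d . -P slapd-myserver- | nss_match_nickname Server-Cert` to see the exact spelling stored in the database.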