O.K., now I feel really dumb. I had certutil, certutil-bin, and all the database and certificate files in the alias directory. When I ran the command, I actually typed "myserver" instead of the name of the server! The command works fine when I type the correct server name. I've been at this too long, and I'm going for a cup of coffee now. Thanks again for your patient assistance. You guys are great!

-Glenn.

---------- Original Message -----------
From: Thomas Kwan <nkwan at redhat.com>
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com>
Sent: Wed, 15 Nov 2006 08:58:59 -0800
Subject: Re: pk12util error

> certutil is one of the utilities from Mozilla's NSS project.
> Check this page out for certutil usage:
>
> http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
>
> Regarding your error, can you make sure you run certutil in
> your alias directory, and check if you have files named
> slapd-myserver-cert8.db, slapd-myserver-key3.db.
>
> -L specifies the directory where you have your security databases
> (cert8.db, key3.db, secmod.db)
> -P specifies the prefix to the security database files
>
> thomas
>
> Glenn wrote:
>
> >Thanks to all for the quick replies. The problem was indeed that the
> >correct nickname is "server-cert", not "Server-Cert". I am sure I tried
> >this yesterday, but I guess that was yesterday. This command does not work:
> >
> >certutil -L -d . -P slapd-myserver-
> >
> >It returns this error:
> >
> >certutil-bin: NSS_Initialize failed: An I/O error occurred during security
> >authorization.
> >
> >Part of the difficulty with certificates seems to be that the documentation
> >for the utilities is so sparse. If I knew that the nickname referred to the
> >name of a certificate rather than the name of the database file, this might
> >have been helpful.
> >
> >I checked up2date, and it did download something called "nss-ldap", but this
> >does not seem to have made a difference.
> >
> >I would like to be able to use certutil, so if you can think of any reasons
> >why it is not working, please share. Thanks again for your help. - Glenn.
> >
> >
> >---------- Original Message -----------
> >From: Thomas Kwan <nkwan at redhat.com>
> >To: "General discussion list for the Fedora Directory server project."
> ><fedora-directory-users at redhat.com>
> >Sent: Wed, 15 Nov 2006 08:23:59 -0800
> >Subject: Re: pk12util error
> >
> >>are you sure you have the certificate (and key) named Server-Cert?
> >>You can check by doing a certutil -d . -P slapd-myserver- -L in
> >>the alias directory.
> >>
> >>I just created an empty security database, and did a pk12util.
> >>It correctly reported your error.
> >>
> >>---
> >>[root at cseng tmp]# certutil -d . -N
> >>Enter a password which will be used to encrypt your keys.
> >>The password should be at least 8 characters long,
> >>and should contain at least one non-alphabetic character.
> >>
> >>Enter new password:
> >>Re-enter password:
> >>[root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
> >>Enter Password or Pin for "NSS Certificate DB":
> >>pk12util: find user certs from nickname failed: security library:
> >>bad database.
> >>---
> >>
> >>thomas
> >>
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users at redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
------- End of Original Message -------
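
The failure in this thread came from a `-P` prefix that did not match any database files in the alias directory. As an added example (not part of the original messages, and not code from the NSS or Fedora Directory Server projects), the script below checks that `<prefix>cert8.db` and `<prefix>key3.db` both exist before certutil is run, and lists the prefixes that do resolve. The function names are hypothetical, and only the legacy `cert8.db`/`key3.db` file names mentioned in the thread are checked.

```shell
#!/bin/sh
# Added example: pre-flight check for an NSS database prefix (-P) before
# running certutil or pk12util. Assumes the legacy <prefix>cert8.db and
# <prefix>key3.db naming from the thread. Function names are hypothetical.

# Print each prefix in directory $1 that has BOTH cert8.db and key3.db.
# A database pair with no prefix at all is printed as "(none)".
nss_list_prefixes() {
    d=$1
    for c in "$d"/*cert8.db; do
        [ -f "$c" ] || continue              # glob matched nothing
        b=${c##*/}                           # file name without directory
        p=${b%cert8.db}                      # what precedes "cert8.db"
        [ -f "$d/${p}key3.db" ] || continue  # cert DB without key DB
        [ -n "$p" ] || p='(none)'
        printf '%s\n' "$p"
    done
}

# Return 0 if directory $1 holds a complete database pair for prefix $2.
# Otherwise name the missing file(s), list usable prefixes, and return 1.
nss_check_prefix() {
    dir=$1
    prefix=$2
    rc=0
    for f in cert8.db key3.db; do
        if [ ! -f "$dir/$prefix$f" ]; then
            echo "missing: $dir/$prefix$f" >&2
            rc=1
        fi
    done
    if [ "$rc" -ne 0 ]; then
        echo "prefixes with a complete database in $dir:" >&2
        nss_list_prefixes "$dir" | sed 's/^/  /' >&2
    fi
    return "$rc"
}

# When invoked as: sh thisfile <alias-dir> <prefix>
# Follow a successful check with, for example:
#   certutil -L -d <alias-dir> -P <prefix>
if [ "$#" -eq 2 ]; then
    nss_check_prefix "$1" "$2"
fi
```
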