Trey Sheldon wrote: > Hello all, > > I've been evaluating and prepping to deploy 389 for a couple months > now and while working on my final deployment I've run into a snag... > > I created two servers and successfully enabled SSL on them. I'm > attempting to create a third using the exact same procedure and can't > seem to get SSL enabled. > > I used the admin-gui to install the request / install the certs and > roots. > > ##WORKING > #certutil -L -d . > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > Metaweb Root Certificate CT,, > Metaweb Host Root Certificate CT,, > server-cert u,u,u > > # certutil -L -d . -n server-cert > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 88 (0x58) > Signature Algorithm: PKCS #1 MD5 With RSA Encryption > Issuer: ........ <full certificate> > > ## NOT WORKING > # certutil -L -d . > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > Metaweb Root Certificate CT,, > Metaweb Host Root Certificate CT,, > server-cert u,u,u > > # certutil -L -d . -n server-cert > certutil: Could not find: server-cert > : security library: bad database. > It means the nick-name provided to certutil does not exist in the NSS db. Aside cert8.db, key3.db, secmod.db files and directory permissions, reading the 2 root certificates from this specific NSS db directory for sanity check, is it possible the string "server-cert" that you expect for the nickname was stored with some extra spaces appended to it?... Is the cert visible in the console? Any specific errors in the console when you try to install the cert or enable SSL? > > These systems are automatically deployed and configured and should > have identical package revisions and configurations. I'm at a blank > to what is causing the problem. Any insight that people have would > be *greatly* appreciated. > > Sincerely, > Trey SHeldon > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
