On 10/02/2009 05:30 PM, Marc Sauton wrote:
> Trey Sheldon wrote:
>> Hello all,
>>
>> I've been evaluating and prepping to deploy 389 for a couple months
>> now and while working on my final deployment I've run into a snag...
>>
>> I created two servers and successfully enabled SSL on them. I'm
>> attempting to create a third using the exact same procedure and can't
>> seem to get SSL enabled.
>>
>> I used the admin-gui to install the request / install the certs and
>> roots.
>>
>> ##WORKING
>> #certutil -L -d .
>> Certificate Nickname                      Trust Attributes
>>                                           SSL,S/MIME,JAR/XPI
>> Metaweb Root Certificate                  CT,,
>> Metaweb Host Root Certificate             CT,,
>> server-cert                               u,u,u
>>
>> # certutil -L -d . -n server-cert
>> Certificate:
>>     Data:
>>         Version: 3 (0x2)
>>         Serial Number: 88 (0x58)
>>         Signature Algorithm: PKCS #1 MD5 With RSA Encryption
>>         Issuer: ........ <full certificate>
>>
>> ## NOT WORKING
>> # certutil -L -d .
>> Certificate Nickname                      Trust Attributes
>>                                           SSL,S/MIME,JAR/XPI
>> Metaweb Root Certificate                  CT,,
>> Metaweb Host Root Certificate             CT,,
>> server-cert                               u,u,u
>>
>> # certutil -L -d . -n server-cert
>> certutil: Could not find: server-cert
>> : security library: bad database.
>>
>
It means the nick-name provided to certutil does not exist in the NSS db. certutil -X -d . (might help as it tries to open the db in write mode)...
> Aside cert8.db, key3.db, secmod.db files and directory permissions,
> reading the 2 root certificates from this specific NSS db directory
> for sanity check, is it possible the string "server-cert" that you
> expect for the nickname was stored with some extra spaces appended to
> it?...
> Is the cert visible in the console?
> Any specific errors in the console when you try to install the cert or
> enable SSL?
>>
>> These systems are automatically deployed and configured and should
>> have identical package revisions and configurations. I'm at a blank
>> to what is causing the problem. Any insight that people have would
>> be *greatly* appreciated.
>>
>> Sincerely,
>> Trey SHeldon
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users