Re: [389-users] Existing certificate error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Niranjan,

Thx for the reply and tried as per your steps.then i made changes in dse.ldif as per wiki.After that, i restarted then i got the below error,

* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start...   [fail]


Any idea further please...

Regards,
Varad

2011/8/8 mallapadi niranjan <niranjan.ashok@xxxxxxxxx>


On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu@xxxxxxxxx> wrote:
Hi Niranjan,

Password we have used while creating the certificate, that is not accepting. this is the problem.

@Rob,

We have the certificate in .p12 format and in that all are integrated. generally if you imported from .p12 everything should work.

This is where i am struck and still facing the same issues.

Regards,
Varad

Greetings, 

Does the  pkcs12 file has a password,  do you remember the password of the .pk12 file ?

If so you can try the below 

Important, please take backup of /etc/dirsrv before attempting and also stop directory service 
#service dirsrv stop 


take the backup of NSS database file in /etc/dirsrv 


$mv *.db /tmp/mybackup 

$cd /etc/dirsrv 
Create a new database 
$certutila -N -d /etc/dirsrv

Import the certificates from pk12 file 
$pk12util -d . -i <file-name>-n <nick-name>

The nick-name is generally "server-cert", You can verify this by listing the contents from the existing directory 
$certutil -L -d  /tmp/mybackup  

You might have to re-import the CA certificate if required, 
$certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,," 

Regards
Niranjan






On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten@xxxxxxxxxx> wrote:
s.varadha rajan wrote:
Hi,

We are planning to configure ssl enabled Fedora directory server.we have
a proper signed certificate.while importing, it is asking "Enter the
password to access the Token" ? like that. even though we have given the
exact password, while creating the certificate but it is not working.
I referred wiki fedora doc also but getting this error. How to use
existing certificate and enable secure ldap server.

I have already posted the same question but nobody is reply

Regards,
Varad

Did you import the cert's private key too?

rob



--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux