Hi, corresponding http://directory.fedoraproject.org/wiki/Howto:SSL your /etc/dirserv/slapd-<inst>/pin.txt file has to contain: internal:<your-password> Please check the syntax Regards Carsten ----- Ursprüngliche Nachricht ----- Von: "s.varadha rajan" <rajanvaradhu@xxxxxxxxx> Datum: Dienstag, 9. August 2011, 11:16 Betreff: Re: [389-users] Existing certificate error An: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx> > Hi Niranjan, > > Thx for the reply and tried as per your steps.then i made changes in dse.ldif as per wiki.After that, i restarted then i got the below error, > > * Starting 389 Directory Server instances : > [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.) > [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed. > * *** Warning: 1 instance(s) failed to start... [fail] > > > Any idea further please... > > Regards, > Varad > > 2011/8/8 mallapadi niranjan <niranjan.ashok@xxxxxxxxx> > > > On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu@xxxxxxxxx> wrote: > Hi Niranjan, > Password we have used while creating the certificate, that is not accepting. this is the problem.> > @Rob,> > We have the certificate in .p12 format and in that all are integrated. generally if you imported from .p12 everything should work. > > This is where i am struck and still facing the same issues.> > Regards,> Varad> > Greetings, > > Does the pkcs12 file has a password, do you remember the password of the .pk12 file ? > > If so you can try the below > > Important, please take backup of /etc/dirsrv before attempting and also stop directory service > #service dirsrv stop > > > take the backup of NSS database file in /etc/dirsrv > > > $mv *.db /tmp/mybackup > > $cd /etc/dirsrv > Create a new database > $certutila -N -d /etc/dirsrv> > Import the certificates from pk12 file > $pk12util -d . -i <file-name>-n <nick-name>> > The nick-name is generally "server-cert", You can verify this by listing the contents from the existing directory > $certutil -L -d /tmp/mybackup > > You might have to re-import the CA certificate if required, > $certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,," > > Regards> Niranjan> > > > > > > On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten@xxxxxxxxxx> wrote: > s.varadha rajan wrote: > Hi, > > We are planning to configure ssl enabled Fedora directory server.we have > a proper signed certificate.while importing, it is asking "Enter the > password to access the Token" ? like that. even though we have given the > exact password, while creating the certificate but it is not working. > I referred wiki fedora doc also but getting this error. How to use > existing certificate and enable secure ldap server. > > I have already posted the same question but nobody is reply > > Regards, > Varad > > Did you import the cert's private key too? > > rob > > > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users
begin:vcard n:Grzemba;Carsten fn:Carsten Grzemba tel;cell:+49 171 9749479 tel;work:+49 3677 6474-0 org:contac Datentechnik GmbH adr:;;Auf dem Steine 1;Ilmenau;;98693; email;internet:carsten.grzemba@xxxxxxxxxxxx version:2.1 end:vcard
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
