Re: Help with NSS Database

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/17/2018 11:27 AM, Cassandra Reed wrote:
Hi Everyone,

We are in a sticky spot right now where we need to install a new certificate in our 389 Production system, but we do not have the password that was used when the system was built years ago.  We have tried all of the possible passwords that we can think of, to no avail.

Is there a way to blow away the old password or even blow away the NSS Database and create a new one?  We need a new certificate installed ASAP to be able to move forward with a big project, so this is an issue with a lot of visibility.
There is no way to change it if you don't know the old password (afaik), you must start over from scratch.  Hopefully you don't need any of the old certs. 

To remove the current NSS database do the following:

[1]  Stop the server
[2]  Remove all the *.db files from /etc/dirsrv/slapd-YOUR_INSTANCE
[3]  Create NSS database and add CA and Server certs via certutil
[4]  I would suggest using a pin.txt file, see the admin guide for more info on this.
[4]  Start the server


Note - Use the same server certificate nickname as the old server cert - it has to match the existing config (or change the existing config to match whatever certificate nickname you use):

dn: cn=RSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert     <--  This is the cert nickname and it must match what you use when you import the server certificate.
nsSSLActivation: on
nsSSLToken: internal (software)

Hope that helps,

Mark




Any help is appreciated!!

-Cassandra

Cassandra Reed
978-762-4222
EDP Systems Analyst III
North Shore Community College
1 Ferncroft Road, Danvers MA 01923


_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/IZO5DAZUOMFLLBZHDLK3BV5IKODQZRPP/


_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/message/QKWH3VYOIPXYLM72E2F7OFU7SXFS7YOY/
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux