Re: SSL on console

[Fernando Fuentes <ffuentes@xxxxxxxxxxx>]

Marc,

Here is what I get:

[root@hypersouth SSL]# pk12util -i hypersouth-net.p12 
/etc/dirsrv/slapd-hypersouth/ -W password
pk12util: function failed: SEC_ERROR_LEGACY_DATABASE: The 
certificate/key database is in an old, unsupported format.
[root@hypersouth SSL]#

Regards,

Fernando Fuentes
Supervisor & Senior Systems Administrator
Email: ffuentes@xxxxxxxxxxx
 
American Alloy Steel, Inc.
Houston, Texas
Website: http://www.aasteel.com
 
Phone: 713-744-4222
Fax:   713-300-5688

On 8/22/19 2:31 AM, Marc Muehlfeld wrote:
> Hi Fernando,
>
> On 8/22/19 5:21 AM, Fernando Fuentes wrote:
> > Is there a how to for this procedure?
>
> ## Convert to PKCS#12:
> # openssl pkcs12 -export -out demo.p12 -inkey 
> pki/private/demo.example.com.key -in pki/issued/demo.example.com.crt
> Enter pass phrase for pki/private/demo.example.com.key:
> Enter Export Password:
> Verifying - Enter Export Password:
>
> # Import to DS NSS DB:
> # pk12util -i demo.p12 -d /etc/dirsrv/slapd-instance_name/ -W password
> Enter Password or Pin for "NSS Certificate DB":
> pk12util: no nickname for cert in PKCS12 file.
> pk12util: using nickname: demo.example.com
> pk12util: PKCS12 IMPORT SUCCESSFUL
>
>
> ## Display the imported cert:
> # certutil -d /etc/dirsrv/slapd-instance_name/ -L
>
> Certificate Nickname                                         Trust 
> Attributes
>
> SSL,S/MIME,JAR/XPI
>
> demo.example.com                                             u,u,u
>
>
> ## Display the imported private key:
> # certutil -d /etc/dirsrv/slapd-instance_name/ -K
> certutil: Checking token "NSS Certificate DB" in slot "NSS User 
> Private Key and Certificate Services"
> Enter Password or Pin for "NSS Certificate DB":
> < 0> rsa      ec30598b2107c71dd69494d51d7de6ef0e57ffbe demo.example.com
>
>
>
> Please let me know if it works, and DS does not complain about it when 
> you use the key/cert.
>
>
> Regards,
> Marc
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx