Re: New SSL

NSS, which stores the certificates, requires a password for its database. If you look in /etc/dirsrv/admin-serv you'll see files like:

secmod.db
key3.db
key4.db
cert8.db
cert9.db
pkcs11.txt

These are the NSS database files. They store their material encrypted, which is why a password is prompted for.

With Directory Server, we normally handle this by having a pin.txt in the same directory that can unlock this automatically at startup. For example, from a demo instance:

-rw------- 1 dirsrv dirsrv 36864 Aug 14 14:28 key4.db
-rw------- 1 dirsrv dirsrv    91 Aug 14 14:28 pin.txt
-rw------- 1 dirsrv dirsrv   571 Aug 20 12:46 pkcs11.txt

The format is:

Internal (Software) Token:PASSWORD

When you were setting up the admin server, you may have been asked to import TLS keys, and this would have asked for an NSS password. This is the password you want in pin.txt for the startup. Alternately, I think you can use systemd-ask-pass to provide this (but it's been a while since I did this so I'm hazy on the details).

As a simple guess of things to try, copy pin.txt from your directory server instance to the admin-serv dir and try to start it.

Alternately, you can reset the nssdb and re-import the TLS keys and certs, this time keeping the pw.

cd /etc/dirsrv/admin-serv
echo "password" > pwdfile.txt
echo "Internal (Software) Token:PASSWORD" > pin.txt
certutil -D -d . 
certutil -N -d . -f pwdfile.txt

... other import actions here.

A good source of info is my blog where I maintain a TLS help guide:

https://fy.blackhats.net.au/blog/html/pages/nss_and_openssl_command_reference.html

Thanks, and I hope this helps,

> On 23 Aug 2019, at 11:17, Fernando Fuentes <ffuentes@xxxxxxxxxxx> wrote:
> 
> After getting everything working I was able to enable SSL on the console.
> But now the console is unable to start with the error:
> 
> [Thu Aug 22 15:15:35.680397 2019] [:error] [pid 25091:tid 139708987033728] Password for slot internal is incorrect.
> [Thu Aug 22 15:15:35.680824 2019] [:error] [pid 25091:tid 139708987033728] NSS initialization failed. Certificate database: /etc/dirsrv/admin-serv.
> [Thu Aug 22 15:15:35.680841 2019] [:error] [pid 25091:tid 139708987033728] SSL Library Error: -8177 The security password entered is incorrect
> 
> 
> What password is this talking about? All of the passwords entered are correct... I am confused... :(
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
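
A pre-start check for the pin.txt described in the reply above, added here as an example (it is not part of the original message or of 389 Directory Server). It verifies the owner-only mode shown in the listing and the "Internal (Software) Token:PASSWORD" line format; the function names check_pin_file and pin_password are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check an NSS pin.txt before starting the service.
# check_pin_file and pin_password are hypothetical helper names.

TOKEN='Internal (Software) Token'

# Print the password stored for the internal software token (empty if absent).
pin_password() {
    # tr strips a trailing CR so a file saved with CRLF endings still parses.
    sed -n "s/^${TOKEN}:\(.*\)\$/\1/p" "$1" | tr -d '\r' | head -n 1
}

# Return 0 if DIR/pin.txt exists, is not readable by group/other, and holds a
# non-empty password for the internal token. Return codes 1-4 name the failure.
check_pin_file() {
    pin="$1/pin.txt"
    [ -f "$pin" ] || { echo "missing: $pin" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # the listing in the message shows -rw------- for pin.txt.
    go_bits=$(ls -ld "$pin" | cut -c5-10)
    [ "$go_bits" = "------" ] || { echo "too permissive: $pin" >&2; return 2; }

    # The token name must match exactly, including case and parentheses.
    grep -q "^${TOKEN}:" "$pin" || { echo "no '${TOKEN}:' line in $pin" >&2; return 3; }

    [ -n "$(pin_password "$pin")" ] || { echo "empty password in $pin" >&2; return 4; }
    echo "ok: $pin"
}

# Stand-alone use: sh check_pin.sh /etc/dirsrv/admin-serv
if [ $# -gt 0 ]; then
    check_pin_file "$1"
fi
```

This only checks the file's form and mode; whether the password actually unlocks the NSS database is still decided when the server starts.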