William,
Delete the CA and re-added it and worked. We are back in business.
Thanks for all your help!
On 8/22/19 11:27 PM, Fernando Fuentes wrote:
William,
I got a bit further!
I follow this:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/AdminServerConfig#Using-the-DS-Key-Cert-for-Admin-Server
And I added the password.conf part and it seem to have work. BUT I got:
[Thu Aug 22 18:23:27.181517 2019] [:info] [pid 2037:tid
140514400127104] Using nickname hypersouthCert.
[Thu Aug 22 18:23:27.181838 2019] [:error] [pid 2037:tid
140514400127104] SSL Library Error: -8179 Certificate is signed by an
unknown issuer
[Thu Aug 22 18:23:27.181857 2019] [:error] [pid 2037:tid
140514400127104] Unable to verify certificate 'hypersouthCert'. Add
"NSSEnforceValidCerts off" to nss.conf so the server can start until
the problem can be resolved.
I added the suggested portion and it started.
Funny though I imported my CA. Any ideas?
Thanks!
On 8/22/19 11:18 PM, William Brown wrote:
It might be best to wait for Mark Reynolds to have a look, he's the
admin server expert :)
On 23 Aug 2019, at 14:13, Fernando Fuentes <ffuentes@xxxxxxxxxxx>
wrote:
William,
Understood, But it still does not do anything for me. I keep getting
the same error.
I am not sure is even been loaded.
Is there a way i can find that is looking for this pin file?
Thanks!
On 8/22/19 11:10 PM, William Brown wrote:
Yes, but that format of the pin.txt is what svrcore experts when
you start the admin server.
pin.txt -> svrcore -> admin server
pwdfile.txt -> certutil
They do seperate things :)
It's lovely and confusing :)
On 23 Aug 2019, at 13:17, Fernando Fuentes <ffuentes@xxxxxxxxxxx>
wrote:
William,
Thanks for your reply.
If I use the pin file with that format I get:
[root@hypersouth admin-serv]# certutil -K -d . -f pin.txt
certutil: Checking token "NSS Certificate DB" in slot "NSS User
Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.:
SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
[root@hypersouth admin-serv]#
On 8/22/19 10:14 PM, William Brown wrote:
Try /etc/dirsrv/admin-serv/pin.txt with the format:
Internal (Software) Token:PASSWORD
On 23 Aug 2019, at 13:12, Fernando Fuentes
<ffuentes@xxxxxxxxxxx> wrote:
Just to show that I got the password right :)
[root@hypersouth admin-serv]# certutil -K -d . -f pwdfile.txt
certutil: Checking token "NSS Certificate DB" in slot "NSS User
Private Key and Certificate Services"
< 0> rsa ec05a16fff5a6756702d91a127e4a5dbf8e93380 hypersouthCert
[root@hypersouth admin-serv]#
On 8/22/19 9:53 PM, Fernando Fuentes wrote:
William,
Thank you for your help.
There is something seriously wrong when importing certs and
enabling ssl in the admin console. I did a full fresh install
of 389 and I get the same error:
[Thu Aug 22 16:46:59.824914 2019] [:error] [pid 12634:tid
140387102636160] Password for slot internal is incorrect.
[Thu Aug 22 16:46:59.825384 2019] [:error] [pid 12634:tid
140387102636160] NSS initialization failed. Certificate
database: /etc/dirsrv/admin-serv.
[Thu Aug 22 16:46:59.825399 2019] [:error] [pid 12634:tid
140387102636160] SSL Library Error: -8177 The security password
entered is incorrect
This not because I forgot the password nor I am not setting the
pin files..... No matter what I do or what I set (pin.txt or
password.conf) It wont start and complains about the same error.
I have reloaded my OS like 5 Times and restarted the whole
process to allways end up here with this same error.
SSL Works for the dirsrv, I can restart just fine.
SSL does not work for the admin console.
Is this a bug?
How can I revert back the admin console to normal?
I try to restore a backup of my admin-serv folder and start it
and works but when I open the console, the console display the
status of the admin server as stopped even though its started
and I can loging using the console.
On 8/22/19 9:02 PM, William Brown wrote:
echo "Internal (Software) Token:PASSWORD" > pin.txt
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx