Yay! I'm glad this got you moving, and you are back in business! Hope I helped! > On 23 Aug 2019, at 14:37, Fernando Fuentes <ffuentes@xxxxxxxxxxx> wrote: > > William, > > Delete the CA and re-added it and worked. We are back in business. > > Thanks for all your help! > > On 8/22/19 11:27 PM, Fernando Fuentes wrote: >> William, >> >> I got a bit further! >> >> I follow this: https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/AdminServerConfig#Using-the-DS-Key-Cert-for-Admin-Server >> >> And I added the password.conf part and it seem to have work. BUT I got: >> >> [Thu Aug 22 18:23:27.181517 2019] [:info] [pid 2037:tid 140514400127104] Using nickname hypersouthCert. >> [Thu Aug 22 18:23:27.181838 2019] [:error] [pid 2037:tid 140514400127104] SSL Library Error: -8179 Certificate is signed by an unknown issuer >> [Thu Aug 22 18:23:27.181857 2019] [:error] [pid 2037:tid 140514400127104] Unable to verify certificate 'hypersouthCert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved. >> >> I added the suggested portion and it started. >> Funny though I imported my CA. Any ideas? >> >> Thanks! >> >> On 8/22/19 11:18 PM, William Brown wrote: >>> It might be best to wait for Mark Reynolds to have a look, he's the admin server expert :) >>> >>>> On 23 Aug 2019, at 14:13, Fernando Fuentes <ffuentes@xxxxxxxxxxx> wrote: >>>> >>>> William, >>>> >>>> Understood, But it still does not do anything for me. I keep getting the same error. >>>> I am not sure is even been loaded. >>>> >>>> Is there a way i can find that is looking for this pin file? >>>> >>>> Thanks! >>>> >>>> On 8/22/19 11:10 PM, William Brown wrote: >>>>> Yes, but that format of the pin.txt is what svrcore experts when you start the admin server. >>>>> >>>>> pin.txt -> svrcore -> admin server >>>>> pwdfile.txt -> certutil >>>>> >>>>> They do seperate things :) >>>>> >>>>> It's lovely and confusing :) >>>>> >>>>>> On 23 Aug 2019, at 13:17, Fernando Fuentes <ffuentes@xxxxxxxxxxx> wrote: >>>>>> >>>>>> William, >>>>>> >>>>>> Thanks for your reply. >>>>>> If I use the pin file with that format I get: >>>>>> >>>>>> [root@hypersouth admin-serv]# certutil -K -d . -f pin.txt >>>>>> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" >>>>>> Incorrect password/PIN entered. >>>>>> certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect. >>>>>> [root@hypersouth admin-serv]# >>>>>> >>>>>> >>>>>> On 8/22/19 10:14 PM, William Brown wrote: >>>>>>> Try /etc/dirsrv/admin-serv/pin.txt with the format: >>>>>>> >>>>>>> Internal (Software) Token:PASSWORD >>>>>>> >>>>>>>> On 23 Aug 2019, at 13:12, Fernando Fuentes <ffuentes@xxxxxxxxxxx> wrote: >>>>>>>> >>>>>>>> Just to show that I got the password right :) >>>>>>>> >>>>>>>> [root@hypersouth admin-serv]# certutil -K -d . -f pwdfile.txt >>>>>>>> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" >>>>>>>> < 0> rsa ec05a16fff5a6756702d91a127e4a5dbf8e93380 hypersouthCert >>>>>>>> [root@hypersouth admin-serv]# >>>>>>>> >>>>>>>> On 8/22/19 9:53 PM, Fernando Fuentes wrote: >>>>>>>>> William, >>>>>>>>> >>>>>>>>> Thank you for your help. >>>>>>>>> >>>>>>>>> There is something seriously wrong when importing certs and enabling ssl in the admin console. I did a full fresh install of 389 and I get the same error: >>>>>>>>> >>>>>>>>> [Thu Aug 22 16:46:59.824914 2019] [:error] [pid 12634:tid 140387102636160] Password for slot internal is incorrect. >>>>>>>>> [Thu Aug 22 16:46:59.825384 2019] [:error] [pid 12634:tid 140387102636160] NSS initialization failed. Certificate database: /etc/dirsrv/admin-serv. >>>>>>>>> [Thu Aug 22 16:46:59.825399 2019] [:error] [pid 12634:tid 140387102636160] SSL Library Error: -8177 The security password entered is incorrect >>>>>>>>> >>>>>>>>> This not because I forgot the password nor I am not setting the pin files..... No matter what I do or what I set (pin.txt or password.conf) It wont start and complains about the same error. >>>>>>>>> >>>>>>>>> I have reloaded my OS like 5 Times and restarted the whole process to allways end up here with this same error. >>>>>>>>> >>>>>>>>> SSL Works for the dirsrv, I can restart just fine. >>>>>>>>> SSL does not work for the admin console. >>>>>>>>> >>>>>>>>> Is this a bug? >>>>>>>>> >>>>>>>>> How can I revert back the admin console to normal? >>>>>>>>> I try to restore a backup of my admin-serv folder and start it and works but when I open the console, the console display the status of the admin server as stopped even though its started and I can loging using the console. >>>>>>>>> >>>>>>>>> >>>>>>>>> On 8/22/19 9:02 PM, William Brown wrote: >>>>>>>>>> echo "Internal (Software) Token:PASSWORD" > pin.txt >>>>>>>>> _______________________________________________ >>>>>>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>>> _______________________________________________ >>>>>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>> — >>>>>>> Sincerely, >>>>>>> >>>>>>> William Brown >>>>>>> >>>>>>> Senior Software Engineer, 389 Directory Server >>>>>>> SUSE Labs >>>>>>> _______________________________________________ >>>>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>> _______________________________________________ >>>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>> — >>>>> Sincerely, >>>>> >>>>> William Brown >>>>> >>>>> Senior Software Engineer, 389 Directory Server >>>>> SUSE Labs >>>>> _______________________________________________ >>>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>> _______________________________________________ >>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >>> — >>> Sincerely, >>> >>> William Brown >>> >>> Senior Software Engineer, 389 Directory Server >>> SUSE Labs >>> _______________________________________________ >>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx >> _______________________________________________ >> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
