are you sure you have the certificate (and key) named Server-Cert? You can check by doing a certutil -d . -P slapd-myserver- -L in the alias directory. I just created an empty security database, and did a pk12util. It correctly reported your error. --- [root@cseng tmp]# certutil -d . -N Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: [root@cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert Enter Password or Pin for "NSS Certificate DB":pk12util: find user certs from nickname failed: security library: bad database.
--- thomas Glenn wrote:
I'm trying to get Windows Sync working on an evaluation copy of Red Hat Directory Server 7.1 SP3. I am stuck at the step where you export the directory server's certificate to a file. I use this command:./pk12util -d . -P slapd-myserver- -o servercert.pfx -n Server-Cert The response is: Enter Password or Pin for "NSS Certificate DB" After I enter the password, I get this error message:pk12util-bin: find user certs from nickname failed: security library: bad database.I have followed all the instructions for setting up SSL in the directory server and the admin server several times. The server and CA certificates have been requested and installed. Everything looks correct in the console screens. The slapd-myserver-cert8.db and slapd-myserver-key3.db files exist. I got tired of retyping the path to the pk12util file, so I copied it to the alias directory containing the certificates and databases.What are some things I can try to get pk12util working? Or is there another way to export the certificate and key so that I can import them into the Windows certificate store? Could this be an NSS problem? Should I look for an NSS update?I will try just about anything, but the boss is real keen on using Red Hat, as he believes the longer development cycle will make it easier to maintain in the long run. However, if Fedora Directory Server is the only option that works, I may be able to present it that way. I apologize for the off- topic question, but there doesn't seem to be any support for the evaluation of RHDS. Thanks. -Glenn.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users