Re: Setting a self ssl certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Steven Jones wrote:

Errors while following,

http://directory.fedoraproject.org/wiki/Howto:SSL

# ../shared/bin/certutil -S -n "CA certificate" -s \

"cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z noise.txt -f \
pwdfile.txt
Generating key. This may take a few moments... certutil-bin: could not obtain certificate from file: DER-encoded 
message contained extra unused data.
I've never seen this error message before. I'm not sure what it means. Do you have a cert8.db and a key3.db in this directory? They should have been created by a previous step. 
Does this mean anything?

Followed by this error,

[root@vuwunicvfdsm001 alias]# ../shared/bin/certutil -S -n "Server-Cert"
-s\

"cn=vuw.ac.nz" -c "CA certificate" -t "u,u,u" -m 1001 -v \
120 -d . -z noise.txt -f pwdfile.txt
Generating key. This may take a few moments... certutil-bin: could not find certificate named "CA certificate": 
security library: bad database.
certutil-bin: unable to create cert (security library: bad database.)
[root@vuwunicvfdsm001 alias]#

Does this mean anything?
It means the previous step failed, and you cannot continue until it is resolved. 
The contents of alias/ are,

[root@vuwunicvfdsm001 alias]# ls -l
total 608
-rw-------  1 nobody nobody  65536 Sep 14 09:27
admin-serv-vuwunicvfdsm001-cert8.db
-rw-------  1 nobody nobody  16384 Sep 14 09:27
admin-serv-vuwunicvfdsm001-key3.db
-rw-------  1 root   root    65536 Sep 14 09:46 cert8.db
-rw-------  1 root   root    16384 Sep 14 09:46 key3.db
-rwxr-xr-x  1 nobody nobody 239744 Nov  8  2006 libnssckbi.so
-rw-r--r--  1 nobody nobody     62 Sep 14 09:44 noise.txt
-rw-------  1 nobody nobody  65536 Sep 13 15:43
orig-slapd-vuwunicvfdsm001-cert8.db
-rw-------  1 nobody nobody  16384 Sep 13 15:43
orig-slapd-vuwunicvfdsm001-key3.db
-rw-r--r--  1 nobody nobody      9 Sep 13 15:43 pwdfile.txt
-rw-------  1 nobody nobody  16384 Sep 13 15:33 secmod.db
-rw-------  1 nobody nobody  65536 Sep 13 15:33
slapd-vuwunicvfdsm001-cert8.db
-rw-------  1 nobody nobody  16384 Sep 14 09:29
slapd-vuwunicvfdsm001-key3.db
-rw-r-----  1 nobody nobody    416 Sep 14 09:27 tempcert
-rw-r-----  1 nobody nobody    345 Sep 14 09:27 tempcertreq

It is possible that since I generated some keys earlier there is some
"residue" that needs removing?

That's possible.
Did you already have a CA certificate?

Secmod.db?

Generated automatically by NSS if it doesn't exist.

Tempcert?
Tempcertreq?

Not sure what these are.

Regards

Steven

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux