Trey Sheldon wrote:
Hello all,
I've been evaluating and prepping to deploy 389 for a couple months
now and while working on my final deployment I've run into a snag...
I created two servers and successfully enabled SSL on them. I'm
attempting to create a third using the exact same procedure and can't
seem to get SSL enabled.
I used the admin-gui to install the request / install the certs and
roots.
##WORKING
#certutil -L -d .
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
Metaweb Root Certificate CT,,
Metaweb Host Root Certificate CT,,
server-cert u,u,u
# certutil -L -d . -n server-cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 88 (0x58)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: ........ <full certificate>
## NOT WORKING
# certutil -L -d .
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
Metaweb Root Certificate CT,,
Metaweb Host Root Certificate CT,,
server-cert u,u,u
# certutil -L -d . -n server-cert
certutil: Could not find: server-cert
: security library: bad database.
It means the nick-name provided to certutil does not exist in the NSS db.
Aside cert8.db, key3.db, secmod.db files and directory permissions,
reading the 2 root certificates from this specific NSS db directory for
sanity check, is it possible the string "server-cert" that you expect
for the nickname was stored with some extra spaces appended to it?...
Is the cert visible in the console?
Any specific errors in the console when you try to install the cert or
enable SSL?
These systems are automatically deployed and configured and should
have identical package revisions and configurations. I'm at a blank
to what is causing the problem. Any insight that people have would
be *greatly* appreciated.
Sincerely,
Trey SHeldon
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
