Re: [389-users] 389 certificate issues...

On 10/02/2009 05:30 PM, Marc Sauton wrote:
Trey Sheldon wrote:
Hello all,

I've been evaluating and prepping to deploy 389 for a couple months now and while working on my final deployment I've run into a snag...

I created two servers and successfully enabled SSL on them. I'm attempting to create a third using the exact same procedure and can't seem to get SSL enabled.

I used the admin-gui to install the request / install the certs and roots.

##WORKING
#certutil -L -d .
Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI
Metaweb Root Certificate                                     CT,,
Metaweb Host Root Certificate                                CT,,
server-cert                                                  u,u,u

# certutil -L -d . -n server-cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 88 (0x58)
        Signature Algorithm: PKCS #1 MD5 With RSA Encryption
    Issuer: ........ <full certificate>

## NOT WORKING
# certutil -L -d .
Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI
Metaweb Root Certificate                                     CT,,
Metaweb Host Root Certificate                                CT,,
server-cert                                                  u,u,u

# certutil -L -d . -n server-cert
certutil: Could not find: server-cert
: security library: bad database.

It means the nick-name provided to certutil does not exist in the NSS db.

certutil -X -d . (might help as it tries to open the db in write mode)...

Aside from cert8.db, key3.db, secmod.db file and directory permissions, and reading the 2 root certificates from this specific NSS db directory as a sanity check, is it possible the string "server-cert" that you expect for the nickname was stored with some extra spaces appended to it?...
Is the cert visible in the console?
Any specific errors in the console when you try to install the cert or enable SSL?

These systems are automatically deployed and configured and should have identical package revisions and configurations. I'm at a blank to what is causing the problem. Any insight that people have would be *greatly* appreciated.

Sincerely,
Trey Sheldon

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
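
Added example, not part of the original messages: a shell sketch of the checks suggested in the thread, covering the presence and readability of the NSS db files and a nickname stored with trailing spaces. The function names `check_nss_files` and `find_nickname` are hypothetical; the only certutil invocation used is the `certutil -L -d DIR -n NICK` form shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# check_nss_files DIR
# Report any of the three NSS db files named in the thread that are missing
# or not readable by the current user. Run it as the user the directory
# server runs as, since that is the account that must open the db.
check_nss_files() {
    dir=$1
    rc=0
    for f in cert8.db key3.db secmod.db; do
        if [ ! -e "$dir/$f" ]; then
            echo "missing: $dir/$f"
            rc=1
        elif [ ! -r "$dir/$f" ]; then
            echo "unreadable by $(id -un): $dir/$f"
            rc=1
        fi
    done
    return $rc
}

# find_nickname DIR NICK [MAX]
# Look the certificate up by NICK exactly as given, then with 1..MAX trailing
# spaces appended. Prints the number of trailing spaces that matched
# (0 means the nickname is stored as expected); returns 1 if nothing matched.
find_nickname() {
    dir=$1
    nick=$2
    max=${3:-4}
    pad=""
    i=0
    while [ "$i" -le "$max" ]; do
        if certutil -L -d "$dir" -n "$nick$pad" >/dev/null 2>&1; then
            printf '%s\n' "$i"
            return 0
        fi
        pad="$pad "
        i=$((i + 1))
    done
    return 1
}

# Usage: sh script.sh /path/to/nss-db-dir [nickname]
if [ "$#" -ge 1 ]; then
    check_nss_files "$1"
    find_nickname "$1" "${2:-server-cert}" || echo "nickname not found"
fi
```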
