Reinhard Nappert wrote: > Hi, > I built and installed the 389 Directory Server 1.2.6 on CentOS 4.4. Do you mean 5.5? Or did you build it yourself? > The server works fine. > Then, I generated the certs (using certutil) and imported them in the > cert-store. The certs are generated basically generated by the > setupssl2.sh script. When I list the certs afterwards, everything > looks fine: > > certutil -L -d /etc/dirsrv/<dir-instance> > CA certificate CTu,u,u > <hostname> u,u,u > However, when I restart the server, I get the following error and the > server does not come up anymore: > [28/Sep/2010:10:45:40 -0400] - SSL alert: Security Initialization: NSS > initialization failed (Netscape Portable Runtime error -8174 - > security library: bad database.): certdir: /etc/dirsrv/<dir-instance> > > Not surprisingly, the certutil -L -d .... comes up with the same error: > certutil: function failed: security library: bad database. > > Any idea, what goes wrong there? Not sure. After running the script to generate the certs, can you change the cert8.db, key3.db, and secmod.db files to be read only (mode 0400), before starting the directory server? Does that help? > > Thanks, > -Reinhard > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users