[389-users] 389 DS 1.2.6. and certificates
Rich Megginson
rmeggins at redhat.com
Tue Sep 28 15:04:45 UTC 2010
Reinhard Nappert wrote:
> Hi,
> I built and installed the 389 Directory Server 1.2.6 on CentOS 4.4.
Do you mean 5.5? Or did you build it yourself?
> The server works fine.
> Then, I generated the certs (using certutil) and imported them in the
> cert-store. The certs are generated basically generated by the
> setupssl2.sh script. When I list the certs afterwards, everything
> looks fine:
>
> certutil -L -d /etc/dirsrv/<dir-instance>
> CA certificate CTu,u,u
> <hostname> u,u,u
> However, when I restart the server, I get the following error and the
> server does not come up anymore:
> [28/Sep/2010:10:45:40 -0400] - SSL alert: Security Initialization: NSS
> initialization failed (Netscape Portable Runtime error -8174 -
> security library: bad database.): certdir: /etc/dirsrv/<dir-instance>
>
> Not surprisingly, the certutil -L -d .... comes up with the same error:
> certutil: function failed: security library: bad database.
>
> Any idea, what goes wrong there?
Not sure. After running the script to generate the certs, can you
change the cert8.db, key3.db, and secmod.db files to be read only (mode
0400), before starting the directory server? Does that help?
>
> Thanks,
> -Reinhard
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list