[389-users] Existing certificate error

mallapadi niranjan niranjan.ashok at gmail.com
Mon Aug 8 13:36:40 UTC 2011 

On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu at gmail.com>wrote:

> Hi Niranjan,
>
> Password we have used while creating the certificate, that is not
> accepting. this is the problem.
>
> @Rob,
>
> We have the certificate in .p12 format and in that all are integrated.
> generally if you imported from .p12 everything should work.
>
> This is where i am struck and still facing the same issues.
>
> Regards,
> Varad
>

Greetings,

Does the  pkcs12 file has a password,  do you remember the password of the
.pk12 file ?

If so you can try the below

Important, please take backup of /etc/dirsrv before attempting and also stop
directory service
#service dirsrv stop


take the backup of NSS database file in /etc/dirsrv


$mv *.db /tmp/mybackup

$cd /etc/dirsrv
Create a new database
$certutila -N -d /etc/dirsrv

Import the certificates from pk12 file
$pk12util -d . -i <file-name>-n <nick-name>

The nick-name is generally "server-cert", You can verify this by listing the
contents from the existing directory
$certutil -L -d  /tmp/mybackup

You might have to re-import the CA certificate if required,
$certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"

Regards
Niranjan



>
>
>
> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten at redhat.com>wrote:
>
>> s.varadha rajan wrote:
>>
>>> Hi,
>>>
>>> We are planning to configure ssl enabled Fedora directory server.we have
>>> a proper signed certificate.while importing, it is asking "Enter the
>>> password to access the Token" ? like that. even though we have given the
>>> exact password, while creating the certificate but it is not working.
>>> I referred wiki fedora doc also but getting this error. How to use
>>> existing certificate and enable secure ldap server.
>>>
>>> I have already posted the same question but nobody is reply
>>>
>>> Regards,
>>> Varad
>>>
>>
>> Did you import the cert's private key too?
>>
>> rob
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110808/768e02f3/attachment.html>

More information about the 389-users mailing list