Hi Niranjan,<br><br>Thx for the reply and tried as per your steps.then i made changes in dse.ldif as per wiki.After that, i restarted then i got the below error,<br><br>* Starting 389 Directory Server instances : <br>[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)<br>
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.<br>* *** Warning: 1 instance(s) failed to start... [fail] <br><br><br>Any idea further please...<br><br>Regards,<br>Varad<br><br><div class="gmail_quote">
2011/8/8 mallapadi niranjan <span dir="ltr"><<a href="mailto:niranjan.ashok@gmail.com">niranjan.ashok@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br><br><div class="gmail_quote"><div class="im">On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <span dir="ltr"><<a href="mailto:rajanvaradhu@gmail.com" target="_blank">rajanvaradhu@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi Niranjan,<div><br></div><div>Password we have used while creating the certificate, that is not accepting. this is the problem.</div><div><br></div><div>@Rob,</div><div><br></div><div>We have the certificate in .p12 format and in that all are integrated. generally if you imported from .p12 everything should work.</div>
<div><br></div><div>This is where i am struck and still facing the same issues.</div><div><br></div><div>Regards,</div><div>Varad</div></blockquote><div><br></div></div><div>Greetings, </div><div><br></div><div>Does the pkcs12 file has a password, do you remember the password of the .pk12 file ?</div>
<div><br></div><div>If so you can try the below </div><div><br></div><div>Important, please take backup of /etc/dirsrv before attempting and also stop directory service </div><div>#service dirsrv stop </div><div><br></div>
<div><br></div><div>take the backup of NSS database file in /etc/dirsrv </div><div><br></div><div><br></div><div>$mv *.db /tmp/mybackup </div><div><br></div><div>$cd /etc/dirsrv </div><div>Create a new database </div><div>
$certutila -N -d /etc/dirsrv</div><div><br></div><div>Import the certificates from pk12 file </div><div>$pk12util -d . -i <file-name>-n <nick-name></div><div><br></div><div>The nick-name is generally "server-cert", You can verify this by listing the contents from the existing directory </div>
<div>$certutil -L -d /tmp/mybackup </div><div><br></div><div>You might have to re-import the CA certificate if required, </div><div>$certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,," </div><div>
<br></div><div>Regards</div><div>Niranjan</div><div class="im"><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div><div><br>
</div><div><br></div><div><br><br><div class="gmail_quote">On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div><div></div><div>s.varadha rajan wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi,<br>
<br>
We are planning to configure ssl enabled Fedora directory server.we have<br>
a proper signed certificate.while importing, it is asking "Enter the<br>
password to access the Token" ? like that. even though we have given the<br>
exact password, while creating the certificate but it is not working.<br>
I referred wiki fedora doc also but getting this error. How to use<br>
existing certificate and enable secure ldap server.<br>
<br>
I have already posted the same question but nobody is reply<br>
<br>
Regards,<br>
Varad<br>
</blockquote>
<br></div></div>
Did you import the cert's private key too?<br><font color="#888888">
<br>
rob<br>
</font></blockquote></div><br></div>
</div></div></blockquote></div></div><br>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br>