Yay! I'm glad this got you moving, and you are back in business! Hope I helped!
On 23 Aug 2019, at 14:37, Fernando Fuentes
<ffuentes(a)aasteel.com> wrote:
William,
Delete the CA and re-added it and worked. We are back in business.
Thanks for all your help!
On 8/22/19 11:27 PM, Fernando Fuentes wrote:
> William,
>
> I got a bit further!
>
> I follow this:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
>
> And I added the password.conf part and it seem to have work. BUT I got:
>
> [Thu Aug 22 18:23:27.181517 2019] [:info] [pid 2037:tid 140514400127104] Using
nickname hypersouthCert.
> [Thu Aug 22 18:23:27.181838 2019] [:error] [pid 2037:tid 140514400127104] SSL Library
Error: -8179 Certificate is signed by an unknown issuer
> [Thu Aug 22 18:23:27.181857 2019] [:error] [pid 2037:tid 140514400127104] Unable to
verify certificate 'hypersouthCert'. Add "NSSEnforceValidCerts off" to
nss.conf so the server can start until the problem can be resolved.
>
> I added the suggested portion and it started.
> Funny though I imported my CA. Any ideas?
>
> Thanks!
>
> On 8/22/19 11:18 PM, William Brown wrote:
>> It might be best to wait for Mark Reynolds to have a look, he's the admin
server expert :)
>>
>>> On 23 Aug 2019, at 14:13, Fernando Fuentes <ffuentes(a)aasteel.com>
wrote:
>>>
>>> William,
>>>
>>> Understood, But it still does not do anything for me. I keep getting the same
error.
>>> I am not sure is even been loaded.
>>>
>>> Is there a way i can find that is looking for this pin file?
>>>
>>> Thanks!
>>>
>>> On 8/22/19 11:10 PM, William Brown wrote:
>>>> Yes, but that format of the pin.txt is what svrcore experts when you
start the admin server.
>>>>
>>>> pin.txt -> svrcore -> admin server
>>>> pwdfile.txt -> certutil
>>>>
>>>> They do seperate things :)
>>>>
>>>> It's lovely and confusing :)
>>>>
>>>>> On 23 Aug 2019, at 13:17, Fernando Fuentes
<ffuentes(a)aasteel.com> wrote:
>>>>>
>>>>> William,
>>>>>
>>>>> Thanks for your reply.
>>>>> If I use the pin file with that format I get:
>>>>>
>>>>> [root@hypersouth admin-serv]# certutil -K -d . -f pin.txt
>>>>> certutil: Checking token "NSS Certificate DB" in slot
"NSS User Private Key and Certificate Services"
>>>>> Incorrect password/PIN entered.
>>>>> certutil: could not authenticate to token NSS Certificate DB.:
SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
>>>>> [root@hypersouth admin-serv]#
>>>>>
>>>>>
>>>>> On 8/22/19 10:14 PM, William Brown wrote:
>>>>>> Try /etc/dirsrv/admin-serv/pin.txt with the format:
>>>>>>
>>>>>> Internal (Software) Token:PASSWORD
>>>>>>
>>>>>>> On 23 Aug 2019, at 13:12, Fernando Fuentes
<ffuentes(a)aasteel.com> wrote:
>>>>>>>
>>>>>>> Just to show that I got the password right :)
>>>>>>>
>>>>>>> [root@hypersouth admin-serv]# certutil -K -d . -f
pwdfile.txt
>>>>>>> certutil: Checking token "NSS Certificate DB" in
slot "NSS User Private Key and Certificate Services"
>>>>>>> < 0> rsa ec05a16fff5a6756702d91a127e4a5dbf8e93380
hypersouthCert
>>>>>>> [root@hypersouth admin-serv]#
>>>>>>>
>>>>>>> On 8/22/19 9:53 PM, Fernando Fuentes wrote:
>>>>>>>> William,
>>>>>>>>
>>>>>>>> Thank you for your help.
>>>>>>>>
>>>>>>>> There is something seriously wrong when importing certs
and enabling ssl in the admin console. I did a full fresh install of 389 and I get the
same error:
>>>>>>>>
>>>>>>>> [Thu Aug 22 16:46:59.824914 2019] [:error] [pid 12634:tid
140387102636160] Password for slot internal is incorrect.
>>>>>>>> [Thu Aug 22 16:46:59.825384 2019] [:error] [pid 12634:tid
140387102636160] NSS initialization failed. Certificate database: /etc/dirsrv/admin-serv.
>>>>>>>> [Thu Aug 22 16:46:59.825399 2019] [:error] [pid 12634:tid
140387102636160] SSL Library Error: -8177 The security password entered is incorrect
>>>>>>>>
>>>>>>>> This not because I forgot the password nor I am not
setting the pin files..... No matter what I do or what I set (pin.txt or password.conf) It
wont start and complains about the same error.
>>>>>>>>
>>>>>>>> I have reloaded my OS like 5 Times and restarted the
whole process to allways end up here with this same error.
>>>>>>>>
>>>>>>>> SSL Works for the dirsrv, I can restart just fine.
>>>>>>>> SSL does not work for the admin console.
>>>>>>>>
>>>>>>>> Is this a bug?
>>>>>>>>
>>>>>>>> How can I revert back the admin console to normal?
>>>>>>>> I try to restore a backup of my admin-serv folder and
start it and works but when I open the console, the console display the status of the
admin server as stopped even though its started and I can loging using the console.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 8/22/19 9:02 PM, William Brown wrote:
>>>>>>>>> echo "Internal (Software) Token:PASSWORD"
> pin.txt
>>>>>>>> _______________________________________________
>>>>>>>> 389-users mailing list --
389-users(a)lists.fedoraproject.org
>>>>>>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>>>>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>>>> _______________________________________________
>>>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>>>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>>> —
>>>>>> Sincerely,
>>>>>>
>>>>>> William Brown
>>>>>>
>>>>>> Senior Software Engineer, 389 Directory Server
>>>>>> SUSE Labs
>>>>>> _______________________________________________
>>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>> _______________________________________________
>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>> To unsubscribe send an email to
389-users-leave(a)lists.fedoraproject.org
>>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>> —
>>>> Sincerely,
>>>>
>>>> William Brown
>>>>
>>>> Senior Software Engineer, 389 Directory Server
>>>> SUSE Labs
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>> _______________________________________________
>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>> _______________________________________________
>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs