I had a similar experience. Any modification to the database with certutil
suddenly made the legacy database error pop up. I assumed it was some
change in the underlying system or certutil utility. The cleanest way I was
able to get it to resolve it was to create a new, empty database in another
location and then use the --merge option to merge the original db into the
empty one. Then I could delete the old cert and add the new one without
issue.
--
Paul Engle
IAM Architect
Identity & Access Management
pengle@rice.edu 713-348-4702
On Mon, Aug 24, 2020 at 9:32 AM
rainer@ultra-secure.de wrote:
> Am 2020-08-24 16:13, schrieb Rob Crittenden:
> > Mark Reynolds wrote:
> >> I think the issue was that the new certificate "might" have had the
> >> same
> >> name as the old one?
> >
> > I suspect it's because a new private key was generated there are two
> > certs with the same name but different keys.
> >
> > To re-use the existing private key the easiest way is to simply retain
> > the original CSR and resubmit it when you need renewal. Or you can
> > regenerate it and specify -k <key_id> when you do so to re-use the key
> > rather than generating a new one.
> >
> > certutil -K -d /path/to/db to get list of keys.
>
>
>
> Ah, OK - thank you.
>
>
> I really just followed the documentation here - but I'll try that next
> time.
>
>
>
> Best Regards
> Rainer
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
>