certutil is one of the utility from Mozilla's NSS project.
Check this page out for certutil usage:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
Regarding to your error, can you make sure you run certutil in
your alias directory, and check if you have files named
slapd-myserver-cert8.db, slapd-myserver-key3.db.
-L specifies the directory where you have your security databases
(cert8.db, key3.db, secmod.db)
-P specifies the prefix to the security database files
thomas
Glenn wrote:
Thanks to all for the quick replies. The problem was indeed that the
correct nickname is "server-cert", not "Server-Cert". I am sure I
tried
this yesterday, but I guess that was yesterday. This command does not work:
certutil -L -d . -P slapd-myserver-
It returns this error:
certutil-bin: NSS_Initialize failed: An I/O error occurred during security
authorization.
Part of the difficulty with certificates seems to be that the documentation
for the utilities is so sparse. If I knew that the nickname referred to the
name of a certificate rather than the name of the database file, this might
have been helpful.
I checked up2date, and it did download something called "nss-ldap", but this
does not seem to have made a difference.
I would like to be able to use certutil, so if you can think of any reasons
why it is not working, please share. Thanks again for your help. -Glenn.
---------- Original Message -----------
From: Thomas Kwan <nkwan(a)redhat.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Wed, 15 Nov 2006 08:23:59 -0800
Subject: Re: [Fedora-directory-users] pk12util error
>are you sure you have the certificate (and key) named Server-Cert?
>You can check by doing a certutil -d . -P slapd-myserver- -L in
>the alias directory.
>
>I just created an empty security database, and did a pk12util.
>It correctly reported your error.
>
>---
>[root@cseng tmp]# certutil -d . -N
>Enter a password which will be used to encrypt your keys.
>The password should be at least 8 characters long,
>and should contain at least one non-alphabetic character.
>
>Enter new password:
>Re-enter password:
>[root@cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
>Enter Password or Pin for "NSS Certificate DB":
>pk12util: find user certs from nickname failed: security library:
>bad database.
>---
>
>thomas
>
>
>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users