Hi,
I'm trying to renew a certificate in 389 server.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/ht...
I've created a new private key and CSR with
certutil -d /etc/dirsrv/slapd-instance/ -R -g 4096 -a \ -o /root/slapd-name.csr -8 name.fqdn \ -s "CN=name.fqdn,O=org,ST=State,C=CH"
I try to import it with
certutil -d /etc/dirsrv/slapd-instance/ -A \ -n "Server Cert" -t ",," -a -i /root/slapd-name.crt
But this results in "certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database."
If I try this using the GUI, I also get the NSS error code 8168
What exactly is the problem? It seems there is no "verbose" switch for certutil - or at least it's not documented.
389-admin-1.1.46-1.el7.x86_64 389-admin-console-1.1.12-1.el7.noarch 389-admin-console-doc-1.1.12-1.el7.noarch 389-adminutil-1.1.22-2.el7.x86_64 389-console-1.1.19-6.el7.noarch 389-ds-base-1.3.10.1-9.el7_8.x86_64 389-ds-base-libs-1.3.10.1-9.el7_8.x86_64 389-ds-base-snmp-1.3.10.1-9.el7_8.x86_64 389-ds-console-1.2.16-1.el7.noarch 389-ds-console-doc-1.2.16-1.el7.noarch
CentOS 7, 64bit.
Now, I tried to list the private keys with -K, I get
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
Is there documentation on how to upgrade the database?
Rainer