Hi,
We are planning to configure an SSL-enabled Fedora Directory Server. We have a properly signed certificate. While importing it, it asks "Enter the password to access the Token". Even though we have given the exact password that we used while creating the certificate, it is not working. I referred to the Fedora wiki doc as well but am still getting this error. How can we use an existing certificate and enable a secure LDAP server?
I have already posted the same question, but nobody has replied.
Regards, Varad
Greetings,
When clicking on "Manage certificates" from the console for the first time, it asks you to set a password, after which you can create/request or import certificates.
The certificates are stored in the NSS database in /etc/dirsrv/slapd-<instance-name>.
So you need to know the original password that was set when you clicked on Manage certificates in Directory Server for the first time.
Regards Niranjan
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Did you import the cert's private key too?
rob
Hi Niranjan,
The password we used while creating the certificate is not being accepted. This is the problem.
@Rob,
We have the certificate in .p12 format, and everything is integrated in it. Generally, if you import from a .p12, everything should work.
This is where I am stuck, and I am still facing the same issues.
Regards, Varad
Greetings,
Does the pkcs12 file have a password? Do you remember the password of the .pk12 file?
If so, you can try the below.
Important: please take a backup of /etc/dirsrv before attempting this, and also stop the directory service:
# service dirsrv stop
Take a backup of the NSS database files in /etc/dirsrv:
$ mv *.db /tmp/mybackup
$ cd /etc/dirsrv
Create a new database:
$ certutil -N -d /etc/dirsrv
Import the certificates from the pk12 file:
$ pk12util -d . -i <file-name> -n <nick-name>
The nick-name is generally "server-cert". You can verify this by listing the contents of the existing directory:
$ certutil -L -d /tmp/mybackup
You might have to re-import the CA certificate if required:
$ certutil -A -d /etc/dirsrv -n <CA-nick-name> -a -i <CA-certificate> -t "TC,,"
Regards Niranjan
Hi Niranjan,
Thanks for the reply. I tried as per your steps, then I made changes in dse.ldif as per the wiki. After that, I restarted and got the below error:
* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start... [fail]
Any idea further please...
Regards, Varad
Hi,
According to http://directory.fedoraproject.org/wiki/Howto:SSL, your /etc/dirsrv/slapd-<inst>/pin.txt file has to contain:
internal:<your-password>
Please check the syntax
Regards Carsten
On Tue, Aug 9, 2011 at 2:46 PM, s.varadha rajan rajanvaradhu@gmail.com wrote:
> Hi Niranjan,
> Thanks for the reply. I tried as per your steps, then I made changes in dse.ldif as per the wiki. After that, I restarted and got the below error:
> - Starting 389 Directory Server instances :
> [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
> [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
> - *** Warning: 1 instance(s) failed to start... [fail]
In my earlier commands, I had mentioned /etc/dirsrv; please replace this with /etc/dirsrv/slapd-<instance-name>/ and check the results.
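Added example, not part of the original thread: a small shell check for the directory mix-up corrected in the last reply above, where the NSS database ends up in /etc/dirsrv instead of /etc/dirsrv/slapd-<instance-name>. The function names and status words are made up for this example; the database file names (cert8.db/key3.db, or cert9.db/key4.db for the newer SQLite format) are the standard NSS ones, assumed rather than taken from the thread.

```shell
#!/bin/sh
# Added example: report where the NSS database files sit under a 389 DS
# configuration root. Usage: sh check_nssdb.sh /etc/dirsrv <instance-name>
# Assumed file names: cert8.db + key3.db (legacy) or cert9.db + key4.db (SQLite).

# has_nss_db DIR: succeeds if DIR holds both a certificate DB and a key DB.
has_nss_db() {
    dir=$1
    { [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; } ||
    { [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; }
}

# check_instance ROOT INSTANCE: prints one status word.
#   ok          database is in ROOT/slapd-INSTANCE, where the server looks
#   misplaced   database exists only in ROOT (the mix-up from the thread)
#   missing     no database in either directory
#   noinstance  ROOT/slapd-INSTANCE does not exist
check_instance() {
    root=$1
    inst_dir="$root/slapd-$2"
    if [ ! -d "$inst_dir" ]; then
        echo noinstance
    elif has_nss_db "$inst_dir"; then
        echo ok
    elif has_nss_db "$root"; then
        echo misplaced
    else
        echo missing
    fi
}

# key_db_world_readable DIR: succeeds if a key DB in DIR is readable by
# "other". The key DB holds the server's private key, so this should fail.
key_db_world_readable() {
    [ -n "$(find "$1" -maxdepth 1 -name 'key[34].db' -perm -004 2>/dev/null)" ]
}

# Run the check only when called with ROOT and INSTANCE arguments.
if [ "$#" -eq 2 ]; then
    check_instance "$1" "$2"
    if key_db_world_readable "$1/slapd-$2"; then
        echo "warning: key database in $1/slapd-$2 is world-readable"
    fi
fi
```

A result of "misplaced" means certutil -N and pk12util were pointed at the parent directory, so the instance directory still has no database to open.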