William,
Delete the CA and re-added it and worked. We are back in business.
Thanks for all your help!
On 8/22/19 11:27 PM, Fernando Fuentes wrote:
William,
I got a bit further!
I follow this:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
And I added the password.conf part and it seem to have work. BUT I got:
[Thu Aug 22 18:23:27.181517 2019] [:info] [pid 2037:tid
140514400127104] Using nickname hypersouthCert.
[Thu Aug 22 18:23:27.181838 2019] [:error] [pid 2037:tid
140514400127104] SSL Library Error: -8179 Certificate is signed by an
unknown issuer
[Thu Aug 22 18:23:27.181857 2019] [:error] [pid 2037:tid
140514400127104] Unable to verify certificate 'hypersouthCert'. Add
"NSSEnforceValidCerts off" to nss.conf so the server can start until
the problem can be resolved.
I added the suggested portion and it started.
Funny though I imported my CA. Any ideas?
Thanks!
On 8/22/19 11:18 PM, William Brown wrote:
> It might be best to wait for Mark Reynolds to have a look, he's the
> admin server expert :)
>
>> On 23 Aug 2019, at 14:13, Fernando Fuentes <ffuentes(a)aasteel.com>
>> wrote:
>>
>> William,
>>
>> Understood, But it still does not do anything for me. I keep getting
>> the same error.
>> I am not sure is even been loaded.
>>
>> Is there a way i can find that is looking for this pin file?
>>
>> Thanks!
>>
>> On 8/22/19 11:10 PM, William Brown wrote:
>>> Yes, but that format of the pin.txt is what svrcore experts when
>>> you start the admin server.
>>>
>>> pin.txt -> svrcore -> admin server
>>> pwdfile.txt -> certutil
>>>
>>> They do seperate things :)
>>>
>>> It's lovely and confusing :)
>>>
>>>> On 23 Aug 2019, at 13:17, Fernando Fuentes <ffuentes(a)aasteel.com>
>>>> wrote:
>>>>
>>>> William,
>>>>
>>>> Thanks for your reply.
>>>> If I use the pin file with that format I get:
>>>>
>>>> [root@hypersouth admin-serv]# certutil -K -d . -f pin.txt
>>>> certutil: Checking token "NSS Certificate DB" in slot "NSS
User
>>>> Private Key and Certificate Services"
>>>> Incorrect password/PIN entered.
>>>> certutil: could not authenticate to token NSS Certificate DB.:
>>>> SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
>>>> [root@hypersouth admin-serv]#
>>>>
>>>>
>>>> On 8/22/19 10:14 PM, William Brown wrote:
>>>>> Try /etc/dirsrv/admin-serv/pin.txt with the format:
>>>>>
>>>>> Internal (Software) Token:PASSWORD
>>>>>
>>>>>> On 23 Aug 2019, at 13:12, Fernando Fuentes
>>>>>> <ffuentes(a)aasteel.com> wrote:
>>>>>>
>>>>>> Just to show that I got the password right :)
>>>>>>
>>>>>> [root@hypersouth admin-serv]# certutil -K -d . -f pwdfile.txt
>>>>>> certutil: Checking token "NSS Certificate DB" in slot
"NSS User
>>>>>> Private Key and Certificate Services"
>>>>>> < 0> rsa ec05a16fff5a6756702d91a127e4a5dbf8e93380
hypersouthCert
>>>>>> [root@hypersouth admin-serv]#
>>>>>>
>>>>>> On 8/22/19 9:53 PM, Fernando Fuentes wrote:
>>>>>>> William,
>>>>>>>
>>>>>>> Thank you for your help.
>>>>>>>
>>>>>>> There is something seriously wrong when importing certs and
>>>>>>> enabling ssl in the admin console. I did a full fresh install
>>>>>>> of 389 and I get the same error:
>>>>>>>
>>>>>>> [Thu Aug 22 16:46:59.824914 2019] [:error] [pid 12634:tid
>>>>>>> 140387102636160] Password for slot internal is incorrect.
>>>>>>> [Thu Aug 22 16:46:59.825384 2019] [:error] [pid 12634:tid
>>>>>>> 140387102636160] NSS initialization failed. Certificate
>>>>>>> database: /etc/dirsrv/admin-serv.
>>>>>>> [Thu Aug 22 16:46:59.825399 2019] [:error] [pid 12634:tid
>>>>>>> 140387102636160] SSL Library Error: -8177 The security
password
>>>>>>> entered is incorrect
>>>>>>>
>>>>>>> This not because I forgot the password nor I am not setting
the
>>>>>>> pin files..... No matter what I do or what I set (pin.txt or
>>>>>>> password.conf) It wont start and complains about the same
error.
>>>>>>>
>>>>>>> I have reloaded my OS like 5 Times and restarted the whole
>>>>>>> process to allways end up here with this same error.
>>>>>>>
>>>>>>> SSL Works for the dirsrv, I can restart just fine.
>>>>>>> SSL does not work for the admin console.
>>>>>>>
>>>>>>> Is this a bug?
>>>>>>>
>>>>>>> How can I revert back the admin console to normal?
>>>>>>> I try to restore a backup of my admin-serv folder and start
it
>>>>>>> and works but when I open the console, the console display
the
>>>>>>> status of the admin server as stopped even though its started
>>>>>>> and I can loging using the console.
>>>>>>>
>>>>>>>
>>>>>>> On 8/22/19 9:02 PM, William Brown wrote:
>>>>>>>> echo "Internal (Software) Token:PASSWORD" >
pin.txt
>>>>>>> _______________________________________________
>>>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>>>> To unsubscribe send an email to
>>>>>>> 389-users-leave(a)lists.fedoraproject.org
>>>>>>> Fedora Code of Conduct:
>>>>>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>>> List Guidelines:
>>>>>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>>> List Archives:
>>>>>>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>>> _______________________________________________
>>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>>> To unsubscribe send an email to
>>>>>> 389-users-leave(a)lists.fedoraproject.org
>>>>>> Fedora Code of Conduct:
>>>>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>>> List Guidelines:
>>>>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>>> List Archives:
>>>>>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>>> —
>>>>> Sincerely,
>>>>>
>>>>> William Brown
>>>>>
>>>>> Senior Software Engineer, 389 Directory Server
>>>>> SUSE Labs
>>>>> _______________________________________________
>>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>>> To unsubscribe send an email to
>>>>> 389-users-leave(a)lists.fedoraproject.org
>>>>> Fedora Code of Conduct:
>>>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>>> List Guidelines:
>>>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>>> List Archives:
>>>>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>>> _______________________________________________
>>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>>> To unsubscribe send an email to
>>>> 389-users-leave(a)lists.fedoraproject.org
>>>> Fedora Code of Conduct:
>>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines:
>>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
>>>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>>> —
>>> Sincerely,
>>>
>>> William Brown
>>>
>>> Senior Software Engineer, 389 Directory Server
>>> SUSE Labs
>>> _______________________________________________
>>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>>> To unsubscribe send an email to
>>> 389-users-leave(a)lists.fedoraproject.org
>>> Fedora Code of Conduct:
>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:
>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
>> _______________________________________________
>> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...