Hi,
 
ipa: DEBUG: stderr=certutil: could not find certificate named "Server-Cert": SEC_ERROR_BAD_DATABASE: security library: bad database.

i got this error


Regards,
Anush Jayan 
Devops Engineer

TRACKPOINT GPS PVT. LTD.



On Fri, Sep 28, 2018 at 1:02 AM Rob Crittenden <rcritten@redhat.com> wrote:
Anush Jayan via FreeIPA-users wrote:
> im getting this error when i use the same password  which i used for
> directory manager password
>
>
> Command '/usr/bin/certutil -d /etc/apache2/nssdb -D -n Server-Cert'
> returned non-zero exit status 255
> The ipa-server-certinstall command failed.

You might try passing -v to the command to get more output.

This particular error in itself isn't treated as fatal.

rob

>
>
> On Thu, Sep 27, 2018, 10:53 PM Anush Jayan <anush@matchpointgps.com
> <mailto:anush@matchpointgps.com>> wrote:
>
>     yes it is encrypted but i have created ssl using letsencrypt and it
>     is passwordless i dont know which password i should insert when it
>     ask to enter password for private key
>     do you know any other way by which i can use letsencrypt
>     fullchain.pem chain.pem and privkey pem as ssl 
>
>     On Thu, Sep 27, 2018, 10:40 PM Rob Crittenden <rcritten@redhat.com
>     <mailto:rcritten@redhat.com>> wrote:
>
>         Anush Jayan wrote:
>         > |ipa-cacert-manage -n DSTRootCAX3 -t C,, install DTSRootCAX3.pem|
>         >
>         > |
>         >
>         > |ipa-cacert-manage -n LetsEncryptX3 -t C,, install ca.cer|
>         >
>         > |
>         >
>         > |ipa-certupdate |
>         >
>         > |
>         >
>         > |ipa-server-certinstall -w fullchain.pem privkey.pem|
>         >
>         > |then it askd me for directory manager password|
>         >
>         > |then it was asking for something private key unlock password |
>         >
>         > |here i got atuck i dont know which password to insert|
>
>         I can only assume that the private key is encrypted. You need to
>         provide
>         the encryption key for it.
>
>         If you look at the contents of privkey.pem and it starts with:
>
>         -----BEGIN ENCRYPTED PRIVATE KEY-----
>
>         then it is encrypted.
>
>         rob
>
>         >
>         > |
>         >
>         > |
>         >
>         > |
>         >
>         >
>         > On Thu, Sep 27, 2018, 7:10 PM Rob Crittenden
>         <rcritten@redhat.com <mailto:rcritten@redhat.com>
>         > <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> wrote:
>         >
>         >     Anush Jayan via FreeIPA-users wrote:
>         >     > im currently using freeipa 4.3.1 on ubuntu 16.04 im
>         having trouble
>         >     installing letsencrypt ssl key for https can anyone help
>         me fix this
>         >     >
>         >
>         >     It would help if you said what you tried and what you are
>         seeing.
>         >
>         >     rob
>         >
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>