[Fedora-directory-users] pk12util error

Thomas Kwan nkwan at redhat.com
Wed Nov 15 16:23:59 UTC 2006


Are you sure you have the certificate (and key) named Server-Cert?
You can check by doing a certutil -d . -P slapd-myserver- -L in
the alias directory.

I just created an empty security database, and did a pk12util.
It correctly reported your error.

---
[root@cseng tmp]# certutil -d . -N
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
[root@cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
Enter Password or Pin for "NSS Certificate DB":
pk12util: find user certs from nickname failed: security library: bad database.
---

thomas

Glenn wrote:

>I'm trying to get Windows Sync working on an evaluation copy of Red Hat 
>Directory Server 7.1 SP3.  I am stuck at the step where you export the 
>directory server's certificate to a file.  I use this command:
>
>./pk12util -d . -P slapd-myserver- -o servercert.pfx -n Server-Cert
>
>The response is:
>
>Enter Password or Pin for "NSS Certificate DB"
>
>After I enter the password, I get this error message:
>
>pk12util-bin: find user certs from nickname failed: security library: bad database.
>
>I have followed all the instructions for setting up SSL in the directory 
>server and the admin server several times.  The server and CA certificates 
>have been requested and installed.  Everything looks correct in the console 
>screens.  The slapd-myserver-cert8.db and slapd-myserver-key3.db files 
>exist.  I got tired of retyping the path to the pk12util file, so I copied 
>it to the alias directory containing the certificates and databases.
>
>What are some things I can try to get pk12util working?  Or is there another 
>way to export the certificate and key so that I can import them into the 
>Windows certificate store?  Could this be an NSS problem?  Should I look for 
>an NSS update?
>
>I will try just about anything, but the boss is real keen on using Red Hat, 
>as he believes the longer development cycle will make it easier to maintain 
>in the long run.  However, if Fedora Directory Server is the only option 
>that works, I may be able to present it that way.  I apologize for the off-
>topic question, but there doesn't seem to be any support for the evaluation 
>of RHDS.  Thanks.   -Glenn.
>

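The check suggested in the reply above, as an added example that is not part of the original thread: list the database first, and only run pk12util when the nickname is present with a "u" trust flag, which certutil shows for certificates whose private key is in the key database. The function names, the sample listing and its column layout are assumptions made for this example.

```shell
# Constructed sample of `certutil -L` output (assumed layout:
# nickname, padding spaces, then the three trust-flag groups).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
Server-Cert                                                  u,u,u
'

# has_user_cert NICKNAME
# Reads a certutil -L listing on stdin. Succeeds only if NICKNAME is
# listed exactly and its trust flags contain "u" (private key present).
has_user_cert() {
    awk -v nick="$1" '
        NF >= 2 {
            trust = $NF                    # last column: trust flags
            name = $0
            sub(/ +[^ ]+ *$/, "", name)    # drop the trust column
            sub(/^ +/, "", name)           # drop leading padding
            if (name == nick && trust ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ && trust ~ /u/)
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# export_cert DBDIR PREFIX NICKNAME OUTFILE
# Exports to PKCS#12 only after the nickname check passes; otherwise
# prints the listing so the actual nicknames can be compared.
export_cert() {
    if certutil -L -d "$1" -P "$2" | has_user_cert "$3"; then
        pk12util -d "$1" -P "$2" -o "$4" -n "$3"
    else
        echo "No certificate with a private key is named '$3' in this database:" >&2
        certutil -L -d "$1" -P "$2" >&2
        return 1
    fi
}
```

With the names from this thread, the call would be export_cert . slapd-myserver- Server-Cert servercert.pfx, run from the alias directory.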