[Fedora-directory-users] pk12util error
Thomas Kwan
nkwan at redhat.com
Wed Nov 15 16:23:59 UTC 2006
are you sure you have the certificate (and key) named Server-Cert?
You can check by doing a certutil -d . -P slapd-myserver- -L in
the alias directory.
I just created an empty security database, and did a pk12util.
It correctly reported your error.
---
[root at cseng tmp]# certutil -d . -N
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
[root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
Enter Password or Pin for "NSS Certificate DB":
pk12util: find user certs from nickname failed: security library: bad
database.
---
thomas
Glenn wrote:
>I'm trying to get Windows Sync working on an evaluation copy of Red Hat
>Directory Server 7.1 SP3. I am stuck at the step where you export the
>directory server's certificate to a file. I use this command:
>
>./pk12util -d . -P slapd-myserver- -o servercert.pfx -n Server-Cert
>
>The response is:
>
>Enter Password or Pin for "NSS Certificate DB"
>
>After I enter the password, I get this error message:
>
>pk12util-bin: find user certs from nickname failed: security library: bad
>database.
>
>I have followed all the instructions for setting up SSL in the directory
>server and the admin server several times. The server and CA certificates
>have been requested and installed. Everything looks correct in the console
>screens. The slapd-myserver-cert8.db and slapd-myserver-key3.db files
>exist. I got tired of retyping the path to the pk12util file, so I copied
>it to the alias directory containing the certificates and databases.
>
>What are some things I can try to get pk12util working? Or is there another
>way to export the certificate and key so that I can import them into the
>Windows certificate store? Could this be an NSS problem? Should I look for
>an NSS update?
>
>I will try just about anything, but the boss is real keen on using Red Hat,
>as he believes the longer development cycle will make it easier to maintain
>in the long run. However, if Fedora Directory Server is the only option
>that works, I may be able to present it that way. I apologize for the off-
>topic question, but there doesn't seem to be any support for the evaluation
>of RHDS. Thanks. -Glenn.
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3233 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20061115/b4444aaf/attachment.bin>
More information about the 389-users
mailing list