[389-users] Existing certificate error
s.varadha rajan
rajanvaradhu at gmail.com
Tue Aug 9 09:16:44 UTC 2011
Hi Niranjan,
Thx for the reply and tried as per your steps.then i made changes in
dse.ldif as per wiki.After that, i restarted then i got the below error,
* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable
to find slot Netscape Portable Runtime error -8127 - The security card or
token does not exist, needs to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start... [fail]
Any idea further please...
Regards,
Varad
2011/8/8 mallapadi niranjan <niranjan.ashok at gmail.com>
>
>
> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu at gmail.com>wrote:
>
>> Hi Niranjan,
>>
>> Password we have used while creating the certificate, that is not
>> accepting. this is the problem.
>>
>> @Rob,
>>
>> We have the certificate in .p12 format and in that all are integrated.
>> generally if you imported from .p12 everything should work.
>>
>> This is where i am struck and still facing the same issues.
>>
>> Regards,
>> Varad
>>
>
> Greetings,
>
> Does the pkcs12 file has a password, do you remember the password of the
> .pk12 file ?
>
> If so you can try the below
>
> Important, please take backup of /etc/dirsrv before attempting and also
> stop directory service
> #service dirsrv stop
>
>
> take the backup of NSS database file in /etc/dirsrv
>
>
> $mv *.db /tmp/mybackup
>
> $cd /etc/dirsrv
> Create a new database
> $certutila -N -d /etc/dirsrv
>
> Import the certificates from pk12 file
> $pk12util -d . -i <file-name>-n <nick-name>
>
> The nick-name is generally "server-cert", You can verify this by listing
> the contents from the existing directory
> $certutil -L -d /tmp/mybackup
>
> You might have to re-import the CA certificate if required,
> $certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
>
> Regards
> Niranjan
>
>
>
>>
>>
>>
>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten at redhat.com>wrote:
>>
>>> s.varadha rajan wrote:
>>>
>>>> Hi,
>>>>
>>>> We are planning to configure ssl enabled Fedora directory server.we have
>>>> a proper signed certificate.while importing, it is asking "Enter the
>>>> password to access the Token" ? like that. even though we have given the
>>>> exact password, while creating the certificate but it is not working.
>>>> I referred wiki fedora doc also but getting this error. How to use
>>>> existing certificate and enable secure ldap server.
>>>>
>>>> I have already posted the same question but nobody is reply
>>>>
>>>> Regards,
>>>> Varad
>>>>
>>>
>>> Did you import the cert's private key too?
>>>
>>> rob
>>>
>>
>>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110809/d59cae08/attachment.html>
More information about the 389-users
mailing list