[389-users] Existing certificate error

mallapadi niranjan niranjan.ashok at gmail.com
Wed Aug 10 02:45:13 UTC 2011


On Tue, Aug 9, 2011 at 2:46 PM, s.varadha rajan <rajanvaradhu at gmail.com> wrote:

> Hi Niranjan,
>
> Thanks for the reply; I tried as per your steps. Then I made changes in
> dse.ldif as per the wiki. After that, I restarted and then got the below error:
>
> * Starting 389 Directory Server instances :
> [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable
> to find slot Netscape Portable Runtime error -8127 - The security card or
> token does not exist, needs to be initialized, or has been removed.)
> [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
> * *** Warning: 1 instance(s) failed to start...   [fail]
>

In my earlier commands, I had mentioned /etc/dirsrv; please
replace this with /etc/dirsrv/slapd-<instance-name>/ and check the results.



>
>
> Any idea further please...
>
> Regards,
> Varad
>
> 2011/8/8 mallapadi niranjan <niranjan.ashok at gmail.com>
>
>>
>>
>> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu at gmail.com> wrote:
>>
>>> Hi Niranjan,
>>>
>>> The password we used while creating the certificate is not being
>>> accepted. This is the problem.
>>>
>>> @Rob,
>>>
>>> We have the certificate in .p12 format and in that all are integrated.
>>> Generally if you imported from .p12 everything should work.
>>>
>>> This is where I am stuck and still facing the same issues.
>>>
>>> Regards,
>>> Varad
>>>
>>
>> Greetings,
>>
>> Does the pkcs12 file have a password? Do you remember the password of the
>> .pk12 file?
>>
>> If so you can try the below
>>
>> Important, please take backup of /etc/dirsrv before attempting and also
>> stop directory service
>> #service dirsrv stop
>>
>>
>> take the backup of NSS database file in /etc/dirsrv
>>
>>
>> $cd /etc/dirsrv
>> $mkdir -p /tmp/mybackup
>> $mv *.db /tmp/mybackup
>>
>> Create a new database
>> $certutil -N -d /etc/dirsrv
>>
>> Import the certificates from pk12 file
>> $pk12util -d . -i <file-name> -n <nick-name>
>>
>> The nick-name is generally "server-cert", You can verify this by listing
>> the contents from the existing directory
>> $certutil -L -d  /tmp/mybackup
>>
>> You might have to re-import the CA certificate if required,
>> $certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
>>
>> Regards
>> Niranjan
>>
>>
>>
>>>
>>>
>>>
>>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>
>>>> s.varadha rajan wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are planning to configure an SSL-enabled Fedora directory server. We
>>>>> have a proper signed certificate. While importing, it is asking "Enter the
>>>>> password to access the Token" or similar. Even though we have given the
>>>>> exact password used while creating the certificate, it is not working.
>>>>> I referred to the Fedora wiki doc also but am getting this error. How to use
>>>>> an existing certificate and enable a secure LDAP server?
>>>>>
>>>>> I have already posted the same question but nobody has replied.
>>>>>
>>>>> Regards,
>>>>> Varad
>>>>>
>>>>
>>>> Did you import the cert's private key too?
>>>>
>>>> rob
>>>>
>>>
>>>
>>
>
>
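
Rob's question about the private key and the `certutil -L` listing step above can be checked together; the following is an added example, not part of the original thread. The function names and the sample listing are constructed for illustration, and it relies on certutil showing the `u` trust flag for a certificate whose private key is in the same database.

```shell
#!/bin/sh
# Added example: classify one nickname in a `certutil -L` listing.
# Live use (path as corrected in the reply above):
#   certutil -L -d /etc/dirsrv/slapd-<instance-name> | check_listing server-cert

# Constructed sample in the layout certutil -L prints (not real output).
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example CA                                                   CT,,
server-cert                                                  u,u,u'

# Print the trust attributes for nickname $1 from a listing on stdin.
# Nicknames may contain spaces, so the trust column is taken as the last field.
cert_trust() {
    awk -v nick="$1" '
        NF >= 2 {
            trust = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)                # drop leading blanks
            if (name == nick) { print trust; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Succeeds when the SSL trust field (first of three) carries the "u" flag.
has_private_key() {
    ssl_field=${1%%,*}
    case "$ssl_field" in *u*) return 0 ;; *) return 1 ;; esac
}

# Prints "missing" (nickname absent), "no-key" (certificate only) or "ok".
check_listing() {
    trust=$(cert_trust "$1") || { echo "missing"; return 0; }
    if has_private_key "$trust"; then echo "ok"; else echo "no-key"; fi
}

printf '%s\n' "$SAMPLE_LISTING" | check_listing server-cert
```

A result of `no-key` for the server certificate means the database holds the certificate without its key, which is the case Rob asked about.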