[Fedora-directory-users] pk12util error
Rob Crittenden
rcritten at redhat.com
Wed Nov 15 16:15:59 UTC 2006
Glenn wrote:
> I'm trying to get Windows Sync working on an evaluation copy of Red Hat
> Directory Server 7.1 SP3. I am stuck at the step where you export the
> directory server's certificate to a file. I use this command:
>
> ./pk12util -d . -P slapd-myserver- -o servercert.pfx -n Server-Cert
>
> The response is:
>
> Enter Password or Pin for "NSS Certificate DB"
>
> After I enter the password, I get this error message:
>
> pk12util-bin: find user certs from nickname failed: security library: bad
> database.
>
> I have followed all the instructions for setting up SSL in the directory
> server and the admin server several times. The server and CA certificates
> have been requested and installed. Everything looks correct in the console
> screens. The slapd-myserver-cert8.db and slapd-myserver-key3.db files
> exist. I got tired of retyping the path to the pk12util file, so I copied
> it to the alias directory containing the certificates and databases.
>
> What are some things I can try to get pk12util working? Or is there another
> way to export the certificate and key so that I can import them into the
> Windows certificate store? Could this be an NSS problem? Should I look for
> an NSS update?
>
> I will try just about anything, but the boss is real keen on using Red Hat,
> as he believes the longer development cycle will make it easier to maintain
> in the long run. However, if Fedora Directory Server is the only option
> that works, I may be able to present it that way. I apologize for the off-
> topic question, but there doesn't seem to be any support for the evaluation
> of RHDS. Thanks. -Glenn.
You can try running: certutil -L -d . -P slapd-myserver-
This will list the certificates and their nicknames.
Or you can try: 'server-cert' as the nickname instead of 'Server-Cert'
with pk21util. I believe nicknames are case sensitive.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061115/9ea15826/attachment.bin>
More information about the Fedora-directory-users
mailing list