[Freeipa-users] ipa-client-install certutil failure
Bittner Jakub
j.bittner at nbu.cz
Tue Mar 5 14:45:22 UTC 2013
On 5.3.2013 14:43, Rob Crittenden wrote:
> Jakub Bittner wrote:
>> Hello,
>>
>> I am using IPA version 3.0 on server and if I want to install on ubuntu
>> with ipa-client-install certutil in the end this command
>> "/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
>> /etc/ipa/ca.crt" fails.
>>
>> If I try it manually it says:
>>
>> certutil: function failed: The certificate/key database is in an old,
>> unsupported format.
>>
>> I dont know for what I need nssdb. Is there a way how to recreate this
>> nssdb file?
>
> Is it safe to assume that there is no NSS database in /etc/pki/nssdb
> (the certutil error msgs are horrible)? There should be 3 .db files,
> keyX.db, certY.db and secmod.db.
>
> To create an empty one do:
>
> certutil -N -d /etc/pki/nssdb
>
> You can set no password on this by pressing ENTER twice at the password
> prompts.
>
> These files are typically root:root mode 644.
>
> rob
>
Thank you for reply, I overcome this issue, but I have problem with
changing password on Ubuntu. I can log in, I can see GID, UIG and so,
but I can not change password.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4627 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130305/124d0c1f/attachment.p7s>
More information about the Freeipa-users
mailing list