[Freeipa-users] SEC_ERROR_LEGACY_DATABASE
Petr Vobornik
pvoborni at redhat.com
Fri May 29 08:35:43 UTC 2015
On 05/29/2015 10:02 AM, Martin Kosek wrote:
> On 05/29/2015 01:27 AM, David Lin wrote:
>> Hi,
>> When I try to add multiple hosts, on the web UI, when I go to the host
>> tab,
This means that Web UI calls `ipa host-find` and couple of `ipa
host-show` commands. Could you try it in CLI find out which command fails?
So other web ui tabs work? Does service tab work(services has some
common logic with hosts)?
> I get
>> Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
>> certificate/key database is in an old, unsupported format.
>>
>> What does this mean?
NSS returns SEC_ERROR_LEGACY_DATABASE when it can't read the database
directory (for any reason, including non-existent directory)
>
> That's strange. CCIng Petr. Maybe /etc/httpd/alias NSS database was
> somehow damaged? Although I doubt that, in that case Apache would not be
> able to serve https even.
+1
>
>> On one of the hosts, I do notice that when i do
>>
>> ipa host-show
>>
>> there is no certificate listed.
>
> If you are using FreeIPA 4.1+, this is expected:
>
> https://fedorahosted.org/freeipa/ticket/4449
>
> Martin
>
--
Petr Vobornik
More information about the Freeipa-users
mailing list