[Freeipa-users] SEC_ERROR_LEGACY_DATABASE
David Lin
linhai88 at stanford.edu
Fri May 29 08:45:12 UTC 2015
ipa host-find produces this
ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
and ipa host-show on only one of the hosts shows
ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
all the other hosts are fine.
Thanks!
David
> On May 29, 2015, at 1:35 AM, Petr Vobornik <pvoborni at redhat.com> wrote:
>
> On 05/29/2015 10:02 AM, Martin Kosek wrote:
>> On 05/29/2015 01:27 AM, David Lin wrote:
>>> Hi,
>>> When I try to add multiple hosts, on the web UI, when I go to the host
>>> tab,
>
> This means that Web UI calls `ipa host-find` and a couple of `ipa host-show` commands. Could you try it in the CLI to find out which command fails?
>
> So other Web UI tabs work? Does the service tab work (services have some common logic with hosts)?
>
>>> I get
>>> Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
>>> certificate/key database is in an old, unsupported format.
>>>
>>> What does this mean?
>
> NSS returns SEC_ERROR_LEGACY_DATABASE when it can't read the database directory (for any reason, including a non-existent directory).
>
>>
>> That's strange. CCing Petr. Maybe /etc/httpd/alias NSS database was
>> somehow damaged? Although I doubt that, in that case Apache would not be
>> able to serve https even.
>
> +1
>
>>
>>> On one of the hosts, I do notice that when I do
>>>
>>> ipa host-show
>>>
>>> there is no certificate listed.
>>
>> If you are using FreeIPA 4.1+, this is expected:
>>
>> https://fedorahosted.org/freeipa/ticket/4449
>>
>> Martin
>>
>
> --
> Petr Vobornik
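
The quoted reply above notes that NSS returns SEC_ERROR_LEGACY_DATABASE whenever it cannot read the database directory, whatever the reason. The following is an added example, not part of the original thread and not FreeIPA or NSS code: a shell function that reports the on-disk state of an NSS database directory so the possible reasons can be told apart. The function name `nss_db_state` and its output labels are hypothetical; the file names are the standard NSS legacy (cert8.db/key3.db) and SQLite (cert9.db/key4.db) database files.

```shell
#!/bin/sh
# Added example (not from the thread): report the on-disk state of an NSS
# database directory. nss_db_state is a hypothetical helper name.
# Output: missing | not-a-directory | unreadable | unreadable-file:NAME |
#         no-database | incomplete | legacy-dbm | sql | legacy-dbm+sql
nss_db_state() {
    dir=$1
    [ -e "$dir" ] || { echo missing; return 1; }
    [ -d "$dir" ] || { echo not-a-directory; return 1; }
    # The calling user needs read and search permission on the directory.
    if [ ! -r "$dir" ] || [ ! -x "$dir" ]; then echo unreadable; return 1; fi

    present=0
    for f in cert8.db key3.db cert9.db key4.db; do
        [ -f "$dir/$f" ] || continue
        present=$((present + 1))
        # A database file the calling user cannot read is as good as absent.
        [ -r "$dir/$f" ] || { echo "unreadable-file:$f"; return 1; }
    done
    [ "$present" -gt 0 ] || { echo no-database; return 1; }

    legacy=0; sql=0
    # cert8.db + key3.db: legacy DBM format.
    if [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then legacy=1; fi
    # cert9.db + key4.db: SQLite format.
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then sql=1; fi

    case "$legacy$sql" in
        11) echo legacy-dbm+sql ;;
        10) echo legacy-dbm ;;
        01) echo sql ;;
        *)  echo incomplete; return 1 ;;
    esac
}
```

Run it as the account whose process reports the error, for example `nss_db_state /etc/httpd/alias` for the database mentioned in the thread, because the readability checks depend on the calling user.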