[Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
Rob Crittenden
rcritten at redhat.com
Thu Sep 8 13:25:13 UTC 2016
Natxo Asenjo wrote:
> I do see these errors:
> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO:: ping(): SUCCESS
> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
> all=False, raw=False, version=u'2.49', no_members=False,
> pkey_only=False): CertificateFormatError
> [Wed Sep 07 15:56:44 2016] [error] ipa: INFO: : ping(): SUCCESS
> [Wed Sep 07 15:56:44 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
> all=False, raw=False, version=u'2.49', no_members=False,
> pkey_only=False): CertificateFormatError
> [Wed Sep 07 15:57:57 2016] [error] ipa: INFO: : ping(): SUCCESS
> [Wed Sep 07 15:57:58 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
> all=False, raw=False, version=u'2.49', no_members=False,
> pkey_only=False): CertificateFormatErro
>
>
> On Wed, Sep 7, 2016 at 4:01 PM, Natxo Asenjo <natxo.asenjo at gmail.com
> <mailto:natxo.asenjo at gmail.com>> wrote:
>
>
> alas, not woriking again.
>
> On the one kdc
>
> $ ipa host-find tftp-1801
> ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE)
> The certificate/key database is in an old, unsupported format.
>
> On the other:
>
> $ ipa host-find tftp-1801
> --------------
> 1 host matched
> --------------
> Host name: tftp-1801.sub.domain.tld
> .....
>
> After rebooting the kdc with the error, no new tracebacks in the
> error_log
No new tracebacks but still not working?
The CertificateFormatError is the server logging the equivalent of what
you're seeing in the client.
rob
More information about the Freeipa-users
mailing list