[Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

Natxo Asenjo natxo.asenjo at gmail.com
Thu Sep 8 16:30:35 UTC 2016 

On Thu, Sep 8, 2016 at 3:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Natxo Asenjo wrote:
>
>> I do see these errors:
>> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO:: ping(): SUCCESS
>> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
>> all=False, raw=False, version=u'2.49', no_members=False,
>> pkey_only=False): CertificateFormatError
>> [Wed Sep 07 15:56:44 2016] [error] ipa: INFO: : ping(): SUCCESS
>> [Wed Sep 07 15:56:44 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
>> all=False, raw=False, version=u'2.49', no_members=False,
>> pkey_only=False): CertificateFormatError
>> [Wed Sep 07 15:57:57 2016] [error] ipa: INFO: : ping(): SUCCESS
>> [Wed Sep 07 15:57:58 2016] [error] ipa: INFO: : host_find(u'tftp-1801',
>> all=False, raw=False, version=u'2.49', no_members=False,
>> pkey_only=False): CertificateFormatErro
>>
>>
>> On Wed, Sep 7, 2016 at 4:01 PM, Natxo Asenjo <natxo.asenjo at gmail.com
>> <mailto:natxo.asenjo at gmail.com>> wrote:
>>
>>
>>     alas, not woriking again.
>>
>>     On the one kdc
>>
>>     $ ipa host-find tftp-1801
>>     ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE)
>>     The certificate/key database is in an old, unsupported format.
>>
>>     On the other:
>>
>>     $ ipa host-find tftp-1801
>>     --------------
>>     1 host matched
>>     --------------
>>        Host name: tftp-1801.sub.domain.tld
>>     .....
>>
>>     After rebooting the kdc with the error, no new tracebacks in the
>>     error_log
>>
>
> No new tracebacks but still not working?
>
> The CertificateFormatError is the server logging the equivalent of what
> you're seeing in the client.
>
> rob
>


that's right.

Is there anything else I can look at?


-- 
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160908/a9f8fd7f/attachment.htm>

More information about the Freeipa-users mailing list