[Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

Natxo Asenjo natxo.asenjo at gmail.com
Tue Sep 13 08:22:45 UTC 2016


hi,


On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Natxo Asenjo wrote:
>
>> hi,
>>
>> I can reproduce this every time. Restarting httpd fixes it for a while,
>> but then it stops working:
>>
>> $ ipa cert-show 1
>> ipa: ERROR: cannot connect to
>> 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
>>
>
> It is very strange that it goes from a working to a non-working state.
>
> I have only two suggestions:
>
> 1. Create /etc/ipa/server.conf with a [global] section and debug=True in
> it, restart httpd. Your log will be quite a bit more verbose but given it
> reproduces so quickly hopefully won't be too big a deal. That might show
> something.
>
> 2. Try brute force with strace. Finding the right httpd process to strace
> can be frustrating but usually there are only 8 and they rotate so
> eventually you should get the right one.
>

Could I send you the log files privately?
--
Groeten,
natxo