[Freeipa-users] Replica created with expired certs
Natxo Asenjo
natxo.asenjo at gmail.com
Thu Sep 29 17:28:26 UTC 2016
hi,
On Thu, Sep 29, 2016 at 2:11 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> Natxo Asenjo wrote:
>
>> hi Jim,
>>
>> On Thu, Sep 29, 2016 at 7:37 AM, Jim Richard <jrichard at placeiq.com
>> <mailto:jrichard at placeiq.com>> wrote:
>>
>> Thanks Rob, that worked.
>>
>> Still on the subject of certs, any idea how to solve this error:
>>
>> Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
>> certificate/key database is in an old, unsupported format.
>>
>> I see that in the gui when querying hosts as well as from cli when I
>> ipa-show or ipa-find
>>
>>
>> I have had this too, and we did not find a solution (search my recent
>> posts on the archives). As a workaround I have created replicas and
>> decommissioned the older replicas.
>>
>
> On the one hand I'm glad this fixed it for you. On the other it is a
> rather unsatisfying answer. Unfortunately NSS doesn't always provide the
> most context with its error messages. This error is usually seen when one
> tries to open a non-existent database, which in this case is a very strange
> thing, especially since it goes from working to non-working in the same
> apache process over a few minutes.
>
I totally agree. I did not have enough time to investigate it further
because I'm changing jobs, so I really wanted to leave a working situation
behind me.
--
Groeten,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160929/7bd8d90b/attachment.htm>
More information about the Freeipa-users
mailing list