Loading...

fedora-directory-users@redhat.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [389-users] Existing certificate error mallapadi niranjan Tue Aug 09 23:01:32 2011

On Tue, Aug 9, 2011 at 2:46 PM, s.varadha rajan <[EMAIL PROTECTED]>wrote:

> Hi Niranjan,
>
> Thx for the reply and tried as per your steps.then i made changes in
> dse.ldif as per wiki.After that, i restarted then i got the below error,
>
> * Starting 389 Directory Server instances :
> [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable
> to find slot Netscape Portable Runtime error -8127 - The security card or
> token does not exist, needs to be initialized, or has been removed.)
> [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
> * *** Warning: 1 instance(s) failed to start...   [fail]
>

In my earlier mentioned commands , i had mentioned /etc/dirsrv,  please
replace this with /etc/dirsrv/slapd-<instance-name>/ and check the results.



>
>
> Any idea further please...
>
> Regards,
> Varad
>
> 2011/8/8 mallapadi niranjan <[EMAIL PROTECTED]>
>
>>
>>
>> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <[EMAIL PROTECTED]>wrote:
>>
>>> Hi Niranjan,
>>>
>>> Password we have used while creating the certificate, that is not
>>> accepting. this is the problem.
>>>
>>> @Rob,
>>>
>>> We have the certificate in .p12 format and in that all are integrated.
>>> generally if you imported from .p12 everything should work.
>>>
>>> This is where i am struck and still facing the same issues.
>>>
>>> Regards,
>>> Varad
>>>
>>
>> Greetings,
>>
>> Does the  pkcs12 file has a password,  do you remember the password of the
>> .pk12 file ?
>>
>> If so you can try the below
>>
>> Important, please take backup of /etc/dirsrv before attempting and also
>> stop directory service
>> #service dirsrv stop
>>
>>
>> take the backup of NSS database file in /etc/dirsrv
>>
>>
>> $mv *.db /tmp/mybackup
>>
>> $cd /etc/dirsrv
>> Create a new database
>> $certutila -N -d /etc/dirsrv
>>
>> Import the certificates from pk12 file
>> $pk12util -d . -i <file-name>-n <nick-name>
>>
>> The nick-name is generally "server-cert", You can verify this by listing
>> the contents from the existing directory
>> $certutil -L -d  /tmp/mybackup
>>
>> You might have to re-import the CA certificate if required,
>> $certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
>>
>> Regards
>> Niranjan
>>
>>
>>
>>>
>>>
>>>
>>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <[EMAIL PROTECTED]>wrote:
>>>
>>>> s.varadha rajan wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are planning to configure ssl enabled Fedora directory server.we
>>>>> have
>>>>> a proper signed certificate.while importing, it is asking "Enter the
>>>>> password to access the Token" ? like that. even though we have given
>>>>> the
>>>>> exact password, while creating the certificate but it is not working.
>>>>> I referred wiki fedora doc also but getting this error. How to use
>>>>> existing certificate and enable secure ldap server.
>>>>>
>>>>> I have already posted the same question but nobody is reply
>>>>>
>>>>> Regards,
>>>>> Varad
>>>>>
>>>>
>>>> Did you import the cert's private key too?
>>>>
>>>> rob
>>>>
>>>
>>>
>>
>> --
>> 389 users mailing list
>> [EMAIL PROTECTED]
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
--
389 users mailing list
[EMAIL PROTECTED]
https://admin.fedoraproject.org/mailman/listinfo/389-users