[Fedora-directory-users] Solaris 9 ssl/tls setup. (security library: bad database.)
Jamie McKnight
warthog at warthogsolutions.com
Tue Dec 20 18:27:59 UTC 2005
On Tue, 2005-12-20 at 12:06 -0600, Michael Montgomery wrote:
> Thanks for the info... but
>
> I don't have netscape installed on this solaris server, so i can't use
> it to create the db. I found a certutil package that seems to create
> old db files here:
>
> http://www.gurulabs.com/goodies/downloads.php
>
> I guess I could install a really old version of netscape on my desktop
> machine, and use it, but is there an easier way to go about this, as
> trying to import the server cert gives this:
>
> bash-3.00# /usr/local/bin/certutil -A -n "CA certificate"
> -i /root/cert.crt -t
> "CTu,u,u"
> certutil: could not obtain certificate from file: Failure to load
> dynamic library.
George Holbert's reply has some links you might try. I think that if
you use the "Install Everything + OEM" aka SUNWCXall installation option
for Solaris 9, you should also have the sunone directory server software
installed. It might (can't remember for sure at the moment) have a
certutil you can use. grep certutil /var/sadm/install/contents would
tell you for sure.
I have also noticed that certutil is picky about where it runs, and
needs a library in cwd when you run it in some instances (seen this with
SunOne Directory Server 5.2 running under linux, look at the
~dsroot/alias dir as it has a .so lib there for certutil IIRC).
Good luck. If you have any issues once getting it in cert7.db format
with your SSL connections just shout. At my day job, I currently have
300+ Solaris 8/Solaris 9 servers running in tls:simple mode.
>
> Thanks again for any help you can offer.
No problem. Sorry for being short on the first email (and thanks George
for covering my lack of additional info), was short on time, and wanted
to get the info about cert7.db out.
Jamie
More information about the Fedora-directory-users
mailing list