[Fedora-directory-users] pk12util error

Richard Megginson rmeggins at redhat.com
Wed Nov 15 16:54:17 UTC 2006 

Glenn wrote:
> Thanks to all for the quick replies.  The problem was indeed that the 
> correct nickname is "server-cert", not "Server-Cert".  I am sure I tried 
> this yesterday, but I guess that was yesterday.  This command does not work:
>
> certutil -L -d . -P slapd-myserver-
>
> It returns this error:
>
> certutil-bin: NSS_Initialize failed: An I/O error occurred during security 
> authorization.
>   
in the alias directory, do
ls -al
What do you see?

If you have the files cert8.db and key3.db, try
certutil -L -d .

> Part of the difficulty with certificates seems to be that the documentation 
> for the utilities is so sparse.  If I knew that the nickname referred to the 
> name of a certificate rather than the name of the database file, this might 
> have been helpful.
>
> I checked up2date, and it did download something called "nss-ldap", but this 
> does not seem to have made a difference.
>
> I would like to be able to use certutil, so if you can think of any reasons 
> why it is not working, please share.  Thanks again for your help.   -Glenn.
>
>
> ---------- Original Message -----------
> From: Thomas Kwan <nkwan at redhat.com>
> To: "General discussion list for the Fedora Directory server project." 
> <fedora-directory-users at redhat.com>
> Sent: Wed, 15 Nov 2006 08:23:59 -0800
> Subject: Re: [Fedora-directory-users] pk12util error
>
>   
>> are you sure you have the certificate (and key) named Server-Cert?
>> You can check by doing a certutil -d . -P slapd-myserver- -L in
>> the alias directory.
>>
>> I just created an empty security database, and did a pk12util.
>> It correctly reported your error.
>>
>> ---
>> [root at cseng tmp]# certutil -d . -N
>> Enter a password which will be used to encrypt your keys.
>> The password should be at least 8 characters long,
>> and should contain at least one non-alphabetic character.
>>
>> Enter new password:
>> Re-enter password:
>> [root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
>> Enter Password or Pin for "NSS Certificate DB":
>> pk12util: find user certs from nickname failed: security library: 
>> bad database.
>> ---
>>
>> thomas
>>
>>     
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061115/7b60a375/attachment.bin>

More information about the Fedora-directory-users mailing list