[Fedora-directory-users] pk12util error

Thomas Kwan nkwan at redhat.com
Wed Nov 15 16:58:59 UTC 2006 

certutil is one of the utility from Mozilla's NSS project.
Check this page out for certutil usage:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

Regarding to your error, can you make sure you run certutil in
your alias directory, and check if you have files named
slapd-myserver-cert8.db, slapd-myserver-key3.db.

-L specifies the directory where you have your security databases 
(cert8.db, key3.db, secmod.db)
-P specifies the prefix to the security database files

thomas

Glenn wrote:

>Thanks to all for the quick replies.  The problem was indeed that the 
>correct nickname is "server-cert", not "Server-Cert".  I am sure I tried 
>this yesterday, but I guess that was yesterday.  This command does not work:
>
>certutil -L -d . -P slapd-myserver-
>
>It returns this error:
>
>certutil-bin: NSS_Initialize failed: An I/O error occurred during security 
>authorization.
>
>Part of the difficulty with certificates seems to be that the documentation 
>for the utilities is so sparse.  If I knew that the nickname referred to the 
>name of a certificate rather than the name of the database file, this might 
>have been helpful.
>
>I checked up2date, and it did download something called "nss-ldap", but this 
>does not seem to have made a difference.
>
>I would like to be able to use certutil, so if you can think of any reasons 
>why it is not working, please share.  Thanks again for your help.   -Glenn.
>
>
>---------- Original Message -----------
>From: Thomas Kwan <nkwan at redhat.com>
>To: "General discussion list for the Fedora Directory server project." 
><fedora-directory-users at redhat.com>
>Sent: Wed, 15 Nov 2006 08:23:59 -0800
>Subject: Re: [Fedora-directory-users] pk12util error
>
>  
>
>>are you sure you have the certificate (and key) named Server-Cert?
>>You can check by doing a certutil -d . -P slapd-myserver- -L in
>>the alias directory.
>>
>>I just created an empty security database, and did a pk12util.
>>It correctly reported your error.
>>
>>---
>>[root at cseng tmp]# certutil -d . -N
>>Enter a password which will be used to encrypt your keys.
>>The password should be at least 8 characters long,
>>and should contain at least one non-alphabetic character.
>>
>>Enter new password:
>>Re-enter password:
>>[root at cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
>>Enter Password or Pin for "NSS Certificate DB":
>>pk12util: find user certs from nickname failed: security library: 
>>bad database.
>>---
>>
>>thomas
>>
>>    
>>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3233 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061115/89dd0d53/attachment.bin>

More information about the Fedora-directory-users mailing list