[Freeipa-users] ipa-client-install certutil failure

Rob Crittenden rcritten at redhat.com
Tue Mar 5 13:43:22 UTC 2013


Jakub Bittner wrote:
> Hello,
>
> I am using IPA version 3.0 on server and if I want to install on Ubuntu
> with ipa-client-install certutil in the end this command
> "/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
> /etc/ipa/ca.crt" fails.
>
> If I try it manually it says:
>
> certutil: function failed: The certificate/key database is in an old,
> unsupported format.
>
> I don't know for what I need nssdb. Is there a way how to recreate this
> nssdb file?

Is it safe to assume that there is no NSS database in /etc/pki/nssdb 
(the certutil error msgs are horrible)? There should be 3 .db files, 
keyX.db, certY.db and secmod.db.

To create an empty one do:

certutil -N -d /etc/pki/nssdb

You can set no password on this by pressing ENTER twice at the password 
prompts.

These files are typically root:root mode 644.

rob
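
The check-then-create procedure from the reply above, written as a script. This is an added example, not part of the original message or of FreeIPA; the helper names `nssdb_status` and `nssdb_bad_perms` and the `--check` argument are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: classify an NSS database directory before running certutil.
# nssdb_status, nssdb_bad_perms and --check are hypothetical names.

# Print "present", "partial" or "missing" for the directory given as $1.
nssdb_status() {
    d=$1
    found=0
    # keyX.db, certY.db and secmod.db are the three files named in the reply.
    for pattern in 'key*.db' 'cert*.db' 'secmod.db'; do
        for f in "$d"/$pattern; do
            if [ -f "$f" ]; then
                found=$((found + 1))
                break
            fi
        done
    done
    case $found in
        3) echo present ;;
        0) echo missing ;;
        *) echo partial ;;
    esac
}

# List .db files whose owner:group or mode differ from root:root 644.
nssdb_bad_perms() {
    for f in "$1"/*.db; do
        [ -f "$f" ] || continue
        meta=$(stat -c '%U:%G %a' "$f")   # GNU stat format (assumption)
        [ "$meta" = "root:root 644" ] || echo "$f $meta"
    done
}

# Only acts when called as: script --check [dir]
if [ "${1:-}" = "--check" ]; then
    dir=${2:-/etc/pki/nssdb}
    case $(nssdb_status "$dir") in
        missing)
            mkdir -p "$dir"
            certutil -N -d "$dir" ;;   # press ENTER twice for no password
        partial)
            echo "$dir: incomplete database, inspect before recreating" >&2
            exit 1 ;;
    esac
    nssdb_bad_perms "$dir"
fi
```

A "partial" result is reported rather than overwritten, since a directory with only some of the three files may hold keys or certificates worth recovering first.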



