Hi,
I'm trying to renew a certificate in 389 server.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html-single/administration_guide/index#renewing_a_certificate
I've created a new private key and CSR with
certutil -d /etc/dirsrv/slapd-instance/ -R -g 4096 -a \
-o /root/slapd-name.csr -8 name.fqdn \
-s "CN=name.fqdn,O=org,ST=State,C=CH"
I try to import it with
certutil -d /etc/dirsrv/slapd-instance/ -A \
-n "Server Cert" -t ",," -a -i /root/slapd-name.crt
But this results in
"certutil: could not add certificate to token or database:
SEC_ERROR_ADDING_CERT: Error adding certificate to database."
If I try this using the GUI, I also get the NSS error code 8168
What exactly is the problem?
It seems there is no "verbose" switch for certutil - or at least it's
not documented.
389-admin-1.1.46-1.el7.x86_64
389-admin-console-1.1.12-1.el7.noarch
389-admin-console-doc-1.1.12-1.el7.noarch
389-adminutil-1.1.22-2.el7.x86_64
389-console-1.1.19-6.el7.noarch
389-ds-base-1.3.10.1-9.el7_8.x86_64
389-ds-base-libs-1.3.10.1-9.el7_8.x86_64
389-ds-base-snmp-1.3.10.1-9.el7_8.x86_64
389-ds-console-1.2.16-1.el7.noarch
389-ds-console-doc-1.2.16-1.el7.noarch
CentOS 7, 64bit.
Now, I tried to list the private keys with -K, I get
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
Is there documentation on how to upgrade the database?
Rainer
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment