Ian McGreer <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Edward Quick wrote: > > Hi, > > > > After a long morning compiling NSS I finally managed it only to find > > that things didn't quite work the way I expected: > > > > I thought that if I cd'd into the certificate directory > > /opt/netscape/nes/4.1/alias and did > > > > certutil -L -d . > > > > it would list the info of keys in that dir but all I got was: > > > > certutil: NSS_Initialize failed: security library: bad database. > > Do you have read permissions to the files in that directory? What are > the names of the database files? > > > Anyway, to cut a long story short, I am trying to migrate iPlanet > > certificates to Apache (and I was told I needed pk12util). Could > > someone confirm that is true and perhaps if they are very generous > > give me some advice how to do it please? > > You will use pk12util. It is very easy to use, in this case > > pk12util -o foo.p12 -n foo -d . > > where foo is the nickname of your cert. > > -Ian >
Hi Ian, Thanks for the reply. Here's the contents of the one of the dirs I'm testing on: # pwd /opt/netscape/nes/3.63/alias # -rw-r--r-- 1 root other 236 Sep 27 2000 ServerCertInfo.txt -rw-r--r-- 1 root netscape 0 Jan 31 2000 cert.log -rw------- 1 root other 32768 Sep 5 21:01 cert7.db -rw------- 1 root other 32768 Sep 5 21:01 key3.db -rw------- 1 root other 32768 Sep 5 20:59 secmod.db -rw-r----- 1 root netscape 65536 Jun 22 2000 smpd9-cert.db -rw-r----- 1 root netscape 65536 Jun 28 2001 smpd9-key.db -rw-r----- 1 root netscape 65536 Sep 29 2000 sstraveldev-cert.db -rw-r----- 1 root netscape 65536 Jul 30 2001 sstraveldev-key.db And this is the output I'm getting when I issue certutil/pk12util from that dir: # certutil -L -d . Certificate Name Trust Attributes p Valid peer P Trusted peer (implies p) c Valid CA T Trusted CA to issue client certs (implies c) C Trusted CA to certs(only server certs for ssl) (implies c) u User cert w Send warning # # pk12util -o sstraveldev.pk12 -n sstraveldev -d . pk12util: find cert by nickname failed: security library: bad database. # I'm not too sure what the nicks of the certificates are supposed to be. I presumed that was just the name of the file without the .db suffix, is that right? Ed.
