Re: [389-users] Existing certificate error
Hi,

according to http://directory.fedoraproject.org/wiki/Howto:SSL your /etc/dirsrv/slapd-inst/pin.txt file has to contain:

    internal:your-password

Please check the syntax.

Regards
Carsten

----- Original Message -----
From: s.varadha rajan rajanvara...@gmail.com
Date: Tuesday, 9 August 2011, 11:16
Subject: Re: [389-users] Existing certificate error
To: General discussion list for the 389 Directory server project. 389-users@lists.fedoraproject.org

> Hi Niranjan,
>
> Thx for the reply, and I tried as per your steps. Then I made changes in dse.ldif as per the wiki. After that, I restarted and then I got the below error:
>
>     * Starting 389 Directory Server instances :
>     [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
>     [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
>     * *** Warning: 1 instance(s) failed to start... [fail]
>
> Any idea further please...
>
> Regards,
> Varad
>
> 2011/8/8 mallapadi niranjan niranjan.as...@gmail.com
>
>> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan rajanvara...@gmail.com wrote:
>>
>>> Hi Niranjan,
>>>
>>> The password we used while creating the certificate is not being accepted. This is the problem.
>>>
>>> @Rob, we have the certificate in .p12 format and in that all are integrated. Generally if you imported from .p12 everything should work. This is where I am stuck and still facing the same issues.
>>>
>>> Regards,
>>> Varad
>>
>> Greetings,
>>
>> Does the pkcs12 file have a password? Do you remember the password of the .pk12 file? If so, you can try the below.
>>
>> Important: please take a backup of /etc/dirsrv before attempting, and also stop the directory service:
>>
>>     # service dirsrv stop
>>
>> Take the backup of the NSS database files in /etc/dirsrv:
>>
>>     $ mv *.db /tmp/mybackup
>>     $ cd /etc/dirsrv
>>
>> Create a new database:
>>
>>     $ certutil -N -d /etc/dirsrv
>>
>> Import the certificates from the pk12 file:
>>
>>     $ pk12util -d . -i file-name -n nick-name
>>
>> The nick-name is generally server-cert. You can verify this by listing the contents from the existing directory:
>>
>>     $ certutil -L -d /tmp/mybackup
>>
>> You might have to re-import the CA certificate if required:
>>
>>     $ certutil -A -d /etc/dirsrv -a -i CA-certificate -t TC,,
>>
>> Regards
>> Niranjan
>>
>>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden rcrit...@redhat.com wrote:
>>>
>>>> s.varadha rajan wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are planning to configure an SSL-enabled Fedora Directory Server. We have a proper signed certificate. While importing, it is asking "Enter the password to access the Token?" like that. Even though we have given the exact password used while creating the certificate, it is not working. I referred to the Fedora wiki doc also but am getting this error. How do we use an existing certificate and enable a secure LDAP server? I have already posted the same question but nobody has replied.
>>>>>
>>>>> Regards,
>>>>> Varad
>>>>
>>>> Did you import the cert's private key too?
>>>>
>>>> rob

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Existing certificate error
On Tue, Aug 9, 2011 at 2:46 PM, s.varadha rajan rajanvara...@gmail.com wrote:

> Hi Niranjan,
>
> Thx for the reply, and I tried as per your steps. Then I made changes in dse.ldif as per the wiki. After that, I restarted and then I got the below error:
>
>     * Starting 389 Directory Server instances :
>     [09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot Netscape Portable Runtime error -8127 - The security card or token does not exist, needs to be initialized, or has been removed.)
>     [09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
>     * *** Warning: 1 instance(s) failed to start... [fail]

In my earlier mentioned commands, I had mentioned /etc/dirsrv; please replace this with /etc/dirsrv/slapd-instance-name/ and check the results.

> Any idea further please...
>
> Regards,
> Varad
>
> 2011/8/8 mallapadi niranjan niranjan.as...@gmail.com
>
>> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan rajanvara...@gmail.com wrote:
>>
>>> Hi Niranjan,
>>>
>>> The password we used while creating the certificate is not being accepted. This is the problem.
>>>
>>> @Rob, we have the certificate in .p12 format and in that all are integrated. Generally if you imported from .p12 everything should work. This is where I am stuck and still facing the same issues.
>>>
>>> Regards,
>>> Varad
>>
>> Greetings,
>>
>> Does the pkcs12 file have a password? Do you remember the password of the .pk12 file? If so, you can try the below.
>>
>> Important: please take a backup of /etc/dirsrv before attempting, and also stop the directory service:
>>
>>     # service dirsrv stop
>>
>> Take the backup of the NSS database files in /etc/dirsrv:
>>
>>     $ mv *.db /tmp/mybackup
>>     $ cd /etc/dirsrv
>>
>> Create a new database:
>>
>>     $ certutil -N -d /etc/dirsrv
>>
>> Import the certificates from the pk12 file:
>>
>>     $ pk12util -d . -i file-name -n nick-name
>>
>> The nick-name is generally server-cert. You can verify this by listing the contents from the existing directory:
>>
>>     $ certutil -L -d /tmp/mybackup
>>
>> You might have to re-import the CA certificate if required:
>>
>>     $ certutil -A -d /etc/dirsrv -a -i CA-certificate -t TC,,
>>
>> Regards
>> Niranjan
>>
>>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden rcrit...@redhat.com wrote:
>>>
>>>> s.varadha rajan wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are planning to configure an SSL-enabled Fedora Directory Server. We have a proper signed certificate. While importing, it is asking "Enter the password to access the Token?" like that. Even though we have given the exact password used while creating the certificate, it is not working. I referred to the Fedora wiki doc also but am getting this error. How do we use an existing certificate and enable a secure LDAP server? I have already posted the same question but nobody has replied.
>>>>>
>>>>> Regards,
>>>>> Varad
>>>>
>>>> Did you import the cert's private key too?
>>>>
>>>> rob
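
The follow-up above moves the NSS commands from /etc/dirsrv to /etc/dirsrv/slapd-instance-name/. The check below is an added example, not part of any message in this thread: it reports whether a complete NSS database sits in the instance directory or was left one level up. The database file names and the instance name `slapd-example` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report where the NSS database for a
# 389 DS instance lives. File names are assumptions: legacy DBM set
# (cert8.db, key3.db, secmod.db) or SQLite set (cert9.db, key4.db, pkcs11.txt).

# has_nss_db DIR: succeed if DIR holds one complete NSS database set.
has_nss_db() {
    if [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ] && [ -f "$1/secmod.db" ]; then
        return 0
    fi
    if [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ] && [ -f "$1/pkcs11.txt" ]; then
        return 0
    fi
    return 1
}

# check_instance_db CONFIG_ROOT INSTANCE_DIR prints one word:
#   ok          database is in CONFIG_ROOT/INSTANCE_DIR
#   misplaced   database is only in CONFIG_ROOT (commands run one level up)
#   missing     no complete database in either place
#   no-instance CONFIG_ROOT/INSTANCE_DIR does not exist
check_instance_db() {
    root=$1
    inst=$1/$2
    if [ ! -d "$inst" ]; then
        echo "no-instance"
    elif has_nss_db "$inst"; then
        echo "ok"
    elif has_nss_db "$root"; then
        echo "misplaced"
    else
        echo "missing"
    fi
}

# Usage: sh check-nss-db.sh /etc/dirsrv slapd-example   (hypothetical names)
if [ "$#" -eq 2 ]; then
    check_instance_db "$1" "$2"
fi
```

A result of `misplaced` means the `certutil -N` and `pk12util` steps need repeating with `-d` pointing at the instance directory.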
[389-users] Existing certificate error
Hi,

We are planning to configure an SSL-enabled Fedora Directory Server. We have a proper signed certificate. While importing, it is asking "Enter the password to access the Token?" like that. Even though we have given the exact password used while creating the certificate, it is not working. I referred to the Fedora wiki doc also but am getting this error. How do we use an existing certificate and enable a secure LDAP server? I have already posted the same question but nobody has replied.

Regards,
Varad
Re: [389-users] Existing certificate error
Greetings,

When clicking on Manage Certificates from the console for the first time, it would ask to set a password, after which you can create/request or import certificates. The certificates are stored in the NSS database in /etc/dirsrv/slapd-instance-name.

So you need to know what the original password was that was set when you clicked on Manage Certificates in Directory Server for the first time.

Regards
Niranjan

2011/8/5 s.varadha rajan rajanvara...@gmail.com

> Hi,
>
> We are planning to configure an SSL-enabled Fedora Directory Server. We have a proper signed certificate. While importing, it is asking "Enter the password to access the Token?" like that. Even though we have given the exact password used while creating the certificate, it is not working. I referred to the Fedora wiki doc also but am getting this error. How do we use an existing certificate and enable a secure LDAP server? I have already posted the same question but nobody has replied.
>
> Regards,
> Varad