I had a similar experience. Any modification to the database with certutil
suddenly made the legacy database error pop up. I assumed it was some
change in the underlying system or certutil utility. The cleanest way I was
able to get it to resolve it was to create a new, empty database in another
location and then use the --merge option to merge the original db into the
empty one. Then I could delete the old cert and add the new one without
issue.
--
Paul Engle
IAM Architect
Identity & Access Management
pengle(a)rice.edu 713-348-4702
On Mon, Aug 24, 2020 at 9:32 AM <rainer(a)ultra-secure.de> wrote:
Am 2020-08-24 16:13, schrieb Rob Crittenden:
> Mark Reynolds wrote:
>> I think the issue was that the new certificate "might" have had the
>> same
>> name as the old one?
>
> I suspect it's because a new private key was generated there are two
> certs with the same name but different keys.
>
> To re-use the existing private key the easiest way is to simply retain
> the original CSR and resubmit it when you need renewal. Or you can
> regenerate it and specify -k <key_id> when you do so to re-use the key
> rather than generating a new one.
>
> certutil -K -d /path/to/db to get list of keys.
Ah, OK - thank you.
I really just followed the documentation here - but I'll try that next
time.
Best Regards
Rainer
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...