Thanks to all for the quick replies. The problem was indeed that the
correct nickname is "server-cert", not "Server-Cert". I am sure I tried
this yesterday, but I guess that was yesterday. This command does not work:
certutil -L -d . -P slapd-myserver-
It returns this error:
certutil-bin: NSS_Initialize failed: An I/O error occurred during security
authorization.
Part of the difficulty with certificates seems to be that the documentation
for the utilities is so sparse. If I knew that the nickname referred to the
name of a certificate rather than the name of the database file, this might
have been helpful.
I checked up2date, and it did download something called "nss-ldap", but this
does not seem to have made a difference.
I would like to be able to use certutil, so if you can think of any reasons
why it is not working, please share. Thanks again for your help. -Glenn.
---------- Original Message -----------
From: Thomas Kwan <nkwan(a)redhat.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Wed, 15 Nov 2006 08:23:59 -0800
Subject: Re: [Fedora-directory-users] pk12util error
Are you sure you have the certificate (and key) named Server-Cert?
You can check by doing a certutil -d . -P slapd-myserver- -L in
the alias directory.
I just created an empty security database, and did a pk12util.
It correctly reported your error.
---
[root@cseng tmp]# certutil -d . -N
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
[root@cseng tmp]# pk12util -d . -o a.p12 -n Server-Cert
Enter Password or Pin for "NSS Certificate DB":
pk12util: find user certs from nickname failed: security library:
bad database.
---
thomas