1:27 a.m.
Hi,
We are planning to configure ssl enabled Fedora directory server.we have a
proper signed certificate.while importing, it is asking "Enter the password
to access the Token" ? like that. even though we have given the exact
password, while creating the certificate but it is not working.
I referred wiki fedora doc also but getting this error. How to use existing
certificate and enable secure ldap server.
I have already posted the same question but nobody is reply
Regards,
Varad
3:51 a.m.
Greetings,
When clicking on "Manage certificates" From console for the first time, it
would ask to set a password. after which you can create/request or import
certificates.
The certificates are stored in NSS database in
/etc/dirsrv/slapd-<instance-name>
So you need to know what was the original password that was set when you
clicked on Manage certificates in Directory Server for the first time.
Regards
Niranjan
2011/8/5 s.varadha rajan <rajanvaradhu(a)gmail.com>
Hi,
We are planning to configure ssl enabled Fedora directory server.we have a
proper signed certificate.while importing, it is asking "Enter the password
to access the Token" ? like that. even though we have given the exact
password, while creating the certificate but it is not working.
I referred wiki fedora doc also but getting this error. How to use existing
certificate and enable secure ldap server.
I have already posted the same question but nobody is reply
Regards,
Varad
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
8:35 a.m.
s.varadha rajan wrote:
Hi,
We are planning to configure ssl enabled Fedora directory server.we have
a proper signed certificate.while importing, it is asking "Enter the
password to access the Token" ? like that. even though we have given the
exact password, while creating the certificate but it is not working.
I referred wiki fedora doc also but getting this error. How to use
existing certificate and enable secure ldap server.
I have already posted the same question but nobody is reply
Regards,
Varad
Did you import the cert's private key too?
rob
5:40 a.m.
Hi Niranjan,
Password we have used while creating the certificate, that is not accepting.
this is the problem.
@Rob,
We have the certificate in .p12 format and in that all are integrated.
generally if you imported from .p12 everything should work.
This is where i am struck and still facing the same issues.
Regards,
Varad
On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten(a)redhat.com> wrote:
s.varadha rajan wrote:
> Hi,
>
> We are planning to configure ssl enabled Fedora directory server.we have
> a proper signed certificate.while importing, it is asking "Enter the
> password to access the Token" ? like that. even though we have given the
> exact password, while creating the certificate but it is not working.
> I referred wiki fedora doc also but getting this error. How to use
> existing certificate and enable secure ldap server.
>
> I have already posted the same question but nobody is reply
>
> Regards,
> Varad
>
Did you import the cert's private key too?
rob
8:36 a.m.
On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu(a)gmail.com>wrote:
Hi Niranjan,
Password we have used while creating the certificate, that is not
accepting. this is the problem.
@Rob,
We have the certificate in .p12 format and in that all are integrated.
generally if you imported from .p12 everything should work.
This is where i am struck and still facing the same issues.
Regards,
Varad
Greetings,
Does the pkcs12 file has a password, do you remember the password of the
.pk12 file ?
If so you can try the below
Important, please take backup of /etc/dirsrv before attempting and also stop
directory service
#service dirsrv stop
take the backup of NSS database file in /etc/dirsrv
$mv *.db /tmp/mybackup
$cd /etc/dirsrv
Create a new database
$certutila -N -d /etc/dirsrv
Import the certificates from pk12 file
$pk12util -d . -i <file-name>-n <nick-name>
The nick-name is generally "server-cert", You can verify this by listing the
contents from the existing directory
$certutil -L -d /tmp/mybackup
You might have to re-import the CA certificate if required,
$certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
Regards
Niranjan
On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten(a)redhat.com>wrote:
> s.varadha rajan wrote:
>
>> Hi,
>>
>> We are planning to configure ssl enabled Fedora directory server.we have
>> a proper signed certificate.while importing, it is asking "Enter the
>> password to access the Token" ? like that. even though we have given the
>> exact password, while creating the certificate but it is not working.
>> I referred wiki fedora doc also but getting this error. How to use
>> existing certificate and enable secure ldap server.
>>
>> I have already posted the same question but nobody is reply
>>
>> Regards,
>> Varad
>>
>
> Did you import the cert's private key too?
>
> rob
>
4:16 a.m.
Hi Niranjan,
Thx for the reply and tried as per your steps.then i made changes in
dse.ldif as per wiki.After that, i restarted then i got the below error,
* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable
to find slot Netscape Portable Runtime error -8127 - The security card or
token does not exist, needs to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start... [fail]
Any idea further please...
Regards,
Varad
2011/8/8 mallapadi niranjan <niranjan.ashok(a)gmail.com>
On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu(a)gmail.com>wrote:
> Hi Niranjan,
>
> Password we have used while creating the certificate, that is not
> accepting. this is the problem.
>
> @Rob,
>
> We have the certificate in .p12 format and in that all are integrated.
> generally if you imported from .p12 everything should work.
>
> This is where i am struck and still facing the same issues.
>
> Regards,
> Varad
>
Greetings,
Does the pkcs12 file has a password, do you remember the password of the
.pk12 file ?
If so you can try the below
Important, please take backup of /etc/dirsrv before attempting and also
stop directory service
#service dirsrv stop
take the backup of NSS database file in /etc/dirsrv
$mv *.db /tmp/mybackup
$cd /etc/dirsrv
Create a new database
$certutila -N -d /etc/dirsrv
Import the certificates from pk12 file
$pk12util -d . -i <file-name>-n <nick-name>
The nick-name is generally "server-cert", You can verify this by listing
the contents from the existing directory
$certutil -L -d /tmp/mybackup
You might have to re-import the CA certificate if required,
$certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
Regards
Niranjan
>
>
>
> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten(a)redhat.com>wrote:
>
>> s.varadha rajan wrote:
>>
>>> Hi,
>>>
>>> We are planning to configure ssl enabled Fedora directory server.we have
>>> a proper signed certificate.while importing, it is asking "Enter the
>>> password to access the Token" ? like that. even though we have given
the
>>> exact password, while creating the certificate but it is not working.
>>> I referred wiki fedora doc also but getting this error. How to use
>>> existing certificate and enable secure ldap server.
>>>
>>> I have already posted the same question but nobody is reply
>>>
>>> Regards,
>>> Varad
>>>
>>
>> Did you import the cert's private key too?
>>
>> rob
>>
>
>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
5:26 a.m.
Hi,
corresponding
http://directory.fedoraproject.org/wiki/Howto:SSL
your /etc/dirserv/slapd-<inst>/pin.txt file has to contain:
internal:<your-password>
Please check the syntax
Regards
Carsten
----- Ursprüngliche Nachricht -----
Von: "s.varadha rajan" <rajanvaradhu(a)gmail.com>
Datum: Dienstag, 9. August 2011, 11:16
Betreff: Re: [389-users] Existing certificate error
An: "General discussion list for the 389 Directory server project."
<389-users(a)lists.fedoraproject.org>
Hi Niranjan,
> Password we have used while creating the certificate, that is not accepting. this is
the problem. > @Rob, > We have the certificate in .p12 format and in that all
are integrated. generally if you imported from .p12 everything should work.
> This is where i am struck and still facing the same
issues. > Regards,> Varad >
Greetings, > Does the pkcs12 file has a
password, do you remember the password of the .pk12 file ?
> If so you can try the below >
Important, please take backup of /etc/dirsrv before attempting and also stop directory
service > #service dirsrv stop
> take the backup of NSS database file in /etc/dirsrv > $mv *.db /tmp/mybackup > $cd /etc/dirsrv > Create a new database
$certutila -N -d /etc/dirsrv > Import the certificates from
pk12 file > $pk12util -d . -i <file-name>-n <nick-name> > The nick-name is generally "server-cert", You
can verify this by listing the contents from the existing directory
> $certutil -L -d /tmp/mybackup > You
might have to re-import the CA certificate if required, > $certutil -A -d /etc/dirsrv
-a -i <CA-certificate> -t "TC,,"
> Regards> Niranjan
> On
Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten(a)redhat.com> wrote:
Hi,
We are planning to configure ssl
enabled Fedora directory server.we have
a proper signed certificate.while importing, it is asking
"Enter the
password to access the Token" ? like that. even though we
have given the
exact password, while creating the certificate but it is not
working.
I referred wiki fedora doc also but getting this error. How to
use
existing certificate and enable secure ldap server.
I have already posted the same
question but nobody is reply
Regards,
Varad
Did you import the cert's
private key too?
rob
> --
389 users mailing list
> --
> 389 users mailing list
Hi Niranjan,
Thx for the reply and tried as per your steps.then i made changes in dse.ldif as per
wiki.After that, i restarted then i got the below error,
* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable to find slot
Netscape Portable Runtime error -8127 - The security card or token does not exist, needs
to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start... [fail]
Any idea further please...
Regards,
Varad
2011/8/8 mallapadi niranjan <niranjan.ashok(a)gmail.com>
On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu(a)gmail.com> wrote:
s.varadha rajan wrote:
389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
9:45 p.m.
On Tue, Aug 9, 2011 at 2:46 PM, s.varadha rajan <rajanvaradhu(a)gmail.com>wrote:
Hi Niranjan,
Thx for the reply and tried as per your steps.then i made changes in
dse.ldif as per wiki.After that, i restarted then i got the below error,
* Starting 389 Directory Server instances :
[09/Aug/2011:14:41:18 +051800] - SSL alert: Security Initialization: Unable
to find slot Netscape Portable Runtime error -8127 - The security card or
token does not exist, needs to be initialized, or has been removed.)
[09/Aug/2011:14:41:18 +051800] - ERROR: SSL Initialization Failed.
* *** Warning: 1 instance(s) failed to start... [fail]
In my earlier mentioned commands , i had mentioned /etc/dirsrv, please
replace this with /etc/dirsrv/slapd-<instance-name>/ and check the results.
Any idea further please...
Regards,
Varad
2011/8/8 mallapadi niranjan <niranjan.ashok(a)gmail.com>
>
>
> On Mon, Aug 8, 2011 at 4:10 PM, s.varadha rajan <rajanvaradhu(a)gmail.com>wrote:
>
>> Hi Niranjan,
>>
>> Password we have used while creating the certificate, that is not
>> accepting. this is the problem.
>>
>> @Rob,
>>
>> We have the certificate in .p12 format and in that all are integrated.
>> generally if you imported from .p12 everything should work.
>>
>> This is where i am struck and still facing the same issues.
>>
>> Regards,
>> Varad
>>
>
> Greetings,
>
> Does the pkcs12 file has a password, do you remember the password of the
> .pk12 file ?
>
> If so you can try the below
>
> Important, please take backup of /etc/dirsrv before attempting and also
> stop directory service
> #service dirsrv stop
>
>
> take the backup of NSS database file in /etc/dirsrv
>
>
> $mv *.db /tmp/mybackup
>
> $cd /etc/dirsrv
> Create a new database
> $certutila -N -d /etc/dirsrv
>
> Import the certificates from pk12 file
> $pk12util -d . -i <file-name>-n <nick-name>
>
> The nick-name is generally "server-cert", You can verify this by listing
> the contents from the existing directory
> $certutil -L -d /tmp/mybackup
>
> You might have to re-import the CA certificate if required,
> $certutil -A -d /etc/dirsrv -a -i <CA-certificate> -t "TC,,"
>
> Regards
> Niranjan
>
>
>
>>
>>
>>
>> On Fri, Aug 5, 2011 at 7:05 PM, Rob Crittenden <rcritten(a)redhat.com>wrote:
>>
>>> s.varadha rajan wrote:
>>>
>>>> Hi,
>>>>
>>>> We are planning to configure ssl enabled Fedora directory server.we
>>>> have
>>>> a proper signed certificate.while importing, it is asking "Enter
the
>>>> password to access the Token" ? like that. even though we have
given
>>>> the
>>>> exact password, while creating the certificate but it is not working.
>>>> I referred wiki fedora doc also but getting this error. How to use
>>>> existing certificate and enable secure ldap server.
>>>>
>>>> I have already posted the same question but nobody is reply
>>>>
>>>> Regards,
>>>> Varad
>>>>
>>>
>>> Did you import the cert's private key too?
>>>
>>> rob
>>>
>>
>>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
4640
days inactive
4645
days old
389-users@lists.fedoraproject.org
7 comments
4 participants
participants (4)
-
Carsten Grzemba -
mallapadi niranjan -
Rob Crittenden -
s.varadha rajan