I have the same permissions.
CTu,u,u works with my previous servers. Since I did a certutil -L -d .... before the
restart, I know that the database was fine before I restarted the server.
-Reinhard
-----Original Message-----
From: 389-users-bounces(a)lists.fedoraproject.org
[mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Gerrard Geldenhuis
Sent: Tuesday, September 28, 2010 2:47 PM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] 389 DS 1.2.6. and certificates
Hi
I have seen similar problems... in my case the database became corrupt if I changed it
while dirsrv were running.
Also check permissions:
-rw------- 1 nobody root 65536 Aug 12 12:18 cert8.db
-rw------- 1 nobody root 16384 Aug 12 12:18 key3.db
-rw------- 1 nobody root 16384 Sep 28 17:08 secmod.db
and my CA only have CT,,
Not sure that would make a difference but worth checking.
Regards
________________________________________
From: 389-users-bounces(a)lists.fedoraproject.org
[389-users-bounces(a)lists.fedoraproject.org] on behalf of Reinhard Nappert
[rnappert(a)juniper.net]
Sent: 28 September 2010 16:24
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] 389 DS 1.2.6. and certificates
Yes, I built it myself on 4.4.
No, it does not make a difference when I change the files to read only, before I restart
the server
-----Original Message-----
From: 389-users-bounces(a)lists.fedoraproject.org
[mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Rich Megginson
Sent: Tuesday, September 28, 2010 11:05 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] 389 DS 1.2.6. and certificates
Reinhard Nappert wrote:
Hi,
I built and installed the 389 Directory Server 1.2.6 on CentOS 4.4.
Do you mean
5.5? Or did you build it yourself?
The server works fine.
Then, I generated the certs (using certutil) and imported them in the
cert-store. The certs are generated basically generated by the
setupssl2.sh script. When I list the certs afterwards, everything
looks fine:
certutil -L -d /etc/dirsrv/<dir-instance>
CA certificate CTu,u,u
<hostname> u,u,u
However, when I restart the server, I get the following error and the
server does not come up anymore:
[28/Sep/2010:10:45:40 -0400] - SSL alert: Security Initialization: NSS
initialization failed (Netscape Portable Runtime error -8174 -
security library: bad database.): certdir: /etc/dirsrv/<dir-instance>
Not surprisingly, the certutil -L -d .... comes up with the same error:
certutil: function failed: security library: bad database.
Any idea, what goes wrong there?
Not sure. After running the script to generate
the certs, can you change the cert8.db, key3.db, and secmod.db files to be read only (mode
0400), before starting the directory server? Does that help?
Thanks,
-Reinhard
----------------------------------------------------------------------
--
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to
scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users