Thanks for replying
The missing certs are the real problem. You can look in
/root/cacerts.p12 to see if the private keys exist there. The password
is the Directory Manager password.
# pk12util -l /root/cacert.p12 |grep Friend
The names will appear twice, one for the private key and one for the
public cert.
This is what I get:
pk12util: PKCS12 decode not verified: SEC_ERROR_PKCS12_INVALID_MAC:
Unable to import. Invalid MAC. Incorrect password or corrupt file.
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: Server-Cert cert-pki-ca
Sean