I don't want to fubar more things but it looks like the following is needed: tksTool -N -d . I have modified the setupssl > script to execute on this port. > > What version of 389-ds-base? That did the trick, but there were other plain-text items in the file. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
Bug 266209 - certutil error message is vague when unable to create databases
Status: NEW
Product: NSS
Component: Tools
Version: 3.9.3
Platform: Sun SunOS
Importance: P4 minor
Reported: 2004-10-26 18:38 PDT by Jason Reid
Modified: 2014-06-29 18:47 PDT
CC List: julien.pierre, neal.kuhn, nelson, rrelyea

Description Jason Reid 2004-10-26 18:38:02 PDT

$ ls -al /tmp/toast
/tmp/toast: No such file or directory
$ certutil -N -d /tmp/toast
certutil: NSS_Initialize failed: An I/O error occurred during security authorization.

On the other hand, we have special error codes for issues opening the database, I don't know why one of these isn't being used. (though it's most likely to say something like "can't open certdb", and not include any information about what the underlying perror is()). It would reduce the number of inquiries that NSS developers must answer if the error codes were actually descriptive of the problems.
Re: [Pki-users] certutil: unable to generate key(s) From: Fortunato
Error codes? > Red Hat Link with error codes "14.2.7. Certutil Then, if I reexecute > setupssl.sh, it generates the cert files, but (again), there is no > changes... > > Obviously, if I open 389-console, I could see this string in the > properties of "cn=encryption,cn=config". > > Including all of the ciphers in the Ciphers attribute? > Yes ! ******** Following the debugging : Finally, it works... ! Each of > the continuation lines should begin with a single space character - these > continuation lines look left justified. > I changed the name of "myhost" to put a "real hostname" corresponding to my domain.
https://bugzilla.mozilla.org/show_bug.cgi?id=266209 Comment 3 Robert Relyea 2007-09-14 10:53:18 PDT Actually the PKCS #11 errors are pretty coarse in this case.
Continue typing until the progress meter is full:
|************************************************************|
...
-- The bigger issue is that I wanted to create a Certificate Request using certutil.
-----Original Message-----
From: Chandrasekar Kannan
The error is here : > > nsSSL3Ciphers: > -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5, > +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza, > +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha, > +tls_rsa_export1024_with_des_cbc_qsha > > > But if I do the modifications except this piece of code, ldaps can be > started on the port 636, but the cert files could not be loaded from dirsrv, > so I can not do any request in SSL... > > If you do not successfully complete TLS/SSL configuration, you will almost > always find that TLS/SSL is not working correctly. > > What errors do you get?
Comment 2 Nelson Bolyard (seldom reads bugmail) 2007-09-13 23:27:39 PDT The mapping of PKCS#11 error numbers onto NSS error codes is way too coarse.
Could Not Authenticate To Token Nss Certificate Db
This may take a few moments...
Creating the admin server certificate Generating key.
certutil should state something to the effect of "certutil: Unable to access /tmp/toast." in the case of the certificate database location not existing or being unable to access the location e.g.
Because the Ciphers attribute LDIF does not look correct.
The best we could do would be to have a better default message. Technically PKCS#11 modules don't even have to use files. To begin, type keys on the keyboard until this progress meter is full.
This may take a few moments...
Additionally there are additional inputs involved when using certutil:
# certutil -R -k rsa -g 2048 -s "CN=cisco1.stargatecommand.mil" -o cisco1.cert -v 12 -d . -1 -3 -6
Enter Password or Pin for "NSS Certificate DB":
A random seed must be generated that will be used in the creation of your key.
All the docs reference tksTool. Thanks; Regards. > > I have checked my real hostname and other stuffs specified in the > documentation...
I assume the tksTool is part of pki-tks.
-----Original Message-----
From: Marc Sauton
One of the easiest ways to create a random seed is to use the timing of keystrokes on a keyboard.
After removing the cert files (cacert, db, txt files) in /etc/dirsrv/slapd-instance/ I could launch ldaps correctly.
#./setupssl2.sh /etc/dirsrv/slapd-KingKong/ 9831
Using /etc/dirsrv/slapd-KingKong/ as sec directory
No CA certificate found - will create new one
No Server Cert found - will create new one
No Admin Server Cert found - will create new one
Creating password file for security token
Creating noise file
Creating new key and cert db
Creating encryption key for CA
Generating key.
Now I'm getting: Enter Password or Pin for "NSS Certificate DB": I did not set this Password/PIN.
It would be far better to report that C_Initialize failed than some generic IO error.
Updating Attribute Encryption for New SSL/TLS Certificates" : http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_SSL.html
Another error :
Starting dirsrv: KingKong...[16/Dec/2010:13:52:16 +0100] SSL Initialization - Warning: certificate DB file cert8.db nor cert7.db exists in [/etc/dirsrv/slapd-KingKong] - SSL initialization will likely fail
[16/Dec/2010:13:52:16 +0100] SSL Initialization - Warning: key DB file /etc/dirsrv/slapd-KingKong/key3.db does not exist - SSL initialization will likely fail
[16/Dec/2010:13:52:16 +0100] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[16/Dec/2010:13:52:16 +0100] - ERROR: SSL Initialization Failed.
> I also try to : > - edit dse.ldif file in the dirsrv DS configuration directory and delete > the line corresponding to the cert files as Red Hat documentation tells > (after stopping dirsrv service). > > Since you did not successfully complete TLS/SSL configuration, you will > find that TLS/SSL is not working correctly. > > Can you provide a link to the Red Hat docs? > > We can see that dirsrv reload the cert files in the dse.ldif file, but it > changed nothing. > - delete every *.db and *.txt files and cacert.csa.