So I finally got it to take by doing the following:
[root@hypersouth ~]# openssl pkcs12 -export -out hypersouth-net.p12
-inkey /etc/pki/tls/private/hypersouth_auth-2019.key -in
/etc/pki/tls/certs/hypersouth.aasteel.net.pem -certfile
/etc/pki/ca-trust/source/anchors/RapidSSLCA.crt
Enter pass
I caught my mistake and corrected but now I get:
[root@hypersouth SSL]# pk12util -i hypersouth-net.p12 -d
/etc/dirsrv/slapd-hypersouth/ -W password
Enter Password or Pin for "NSS Certificate DB":
pk12util: PKCS12 decode not verified: SEC_ERROR_BAD_PASSWORD: The
security password entered is
Marc,
Here is what I get:
[root@hypersouth SSL]# pk12util -i hypersouth-net.p12
/etc/dirsrv/slapd-hypersouth/ -W password
pk12util: function failed: SEC_ERROR_LEGACY_DATABASE: The
certificate/key database is in an old, unsupported format.
[root@hypersouth SSL]#
Regards,
Fernando Fuentes
Marc,
Thank you!
I will report back soon.
Regards,
Fernando Fuentes
Supervisor & Senior Systems Administrator
Email: ffuen...@aasteel.com
American Alloy Steel, Inc.
Houston, Texas
Website: http://www.aasteel.com
Phone: 713-744-4222
Fax: 713-300-5688
On 8/22/19 2:31 AM, Marc Muehlfeld
Hi Fernando,
On 8/22/19 5:21 AM, Fernando Fuentes wrote:
Is there a how to for this procedure?
## Convert to PKCS#12:
# openssl pkcs12 -export -out demo.p12 -inkey
pki/private/demo.example.com.key -in pki/issued/demo.example.com.crt
Enter pass phrase for pki/private/demo.example.com.key:
use pk12util to import the certificate into a NSS
>certificate database (cert9.db,key4.db).
>
>
>-Original Message-
>From: Fernando Fuentes
>Sent: Wednesday, August 21, 2019 7:26 PM
>To: 389-users@lists.fedoraproject.org
>Subject: [389-users] Re: SSL on console
>
>
@lists.fedoraproject.org
Subject: [389-users] Re: SSL on console
I think I found my problem. The server does not like the certificate because it
was not generated inside fedora389 and it does not hold the key.
300 Dollars wasted...
Before I called this one the quits... Is there a way to import
I think I found my problem. The server does not like the certificate
because it was not generated inside fedora389 and it does not hold the key.
300 Dollars wasted...
Before I called this one the quits... Is there a way to import a key and
cert generated at the OS level and not inside
By the way I follow thsi steps and I had no success.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/managing_ssl
It wont allow me to enable it because there is no certificate for the
console. Funny part is that the instructions say to only