Jakub Bittner wrote:

I am using IPA version 3.0 on server and if I want to install on ubuntu
with ipa-client-install certutil in the end this command
"/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
/etc/ipa/ca.crt" fails.

If I try it manually it says:

certutil: function failed: The certificate/key database is in an old,
unsupported format.

I dont know for what I need nssdb. Is there a way how to recreate this
nssdb file?

Is it safe to assume that there is no NSS database in /etc/pki/nssdb (the certutil error msgs are horrible)? There should be 3 .db files, keyX.db, certY.db and secmod.db.

To create an empty one do:

certutil -N -d /etc/pki/nssdb

You can set no password on this by pressing ENTER twice at the password prompts.

These files are typically root:root mode 644.


Freeipa-users mailing list

Reply via email to