On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
> So, it apparently is not in there at all.  There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
> nsslapd-security: on
> of course.

Further investigation.

In the dse.ldif for slapd-PKI-CA, there is:

nsslapd-certdir: /etc/dirsrv/slapd-PKI-IPA

There is a cert8.db and key3.db file in there.


root@ipa0 slapd-PKI-IPA]# certutil -d ./ -L

Certificate Nickname                                         Trust Attributes

[root@ipa0 slapd-PKI-IPA]#

Apparently no certs.

The cert for slapd-LAB-WHAMCLOUD-COM has this info:

        issuer: CN=Certificate Authority,O=LAB.WHAMCLOUD.COM
        subject: CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM

Since it's the same hostname, could I just copy the db files from there into 


Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)
Every knee shall bow, and every tongue confess, in heaven, on earth, and under 
the earth, that Jesus Christ is LORD

Freeipa-users mailing list

Reply via email to