On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root@ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root@ipa0 slapd-PKI-IPA]#
> 
> So, it apparently is not in there at all.  There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
> 
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
> 
> nsslapd-security: on
> 
> of course.

Further investigation.

In the dse.ldif for slapd-PKI-CA, there is:

nsslapd-certdir: /etc/dirsrv/slapd-PKI-IPA

There is a cert8.db and key3.db file in there.

However:

root@ipa0 slapd-PKI-IPA]# certutil -d ./ -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

[root@ipa0 slapd-PKI-IPA]#

Apparently no certs.

The cert for slapd-LAB-WHAMCLOUD-COM has this info:

        issuer: CN=Certificate Authority,O=LAB.WHAMCLOUD.COM
        subject: CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM

Since it's the same hostname, could I just copy the db files from there into 
/etc/dirsrv/slapd-PKI-CA?

j


-- 
Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)
Every knee shall bow, and every tongue confess, in heaven, on earth, and under 
the earth, that Jesus Christ is LORD

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to