ipa host-find produces this ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.
and ipa host-show on only one of the hosts show ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. all the other hosts are fine. Thanks! David > On May 29, 2015, at 1:35 AM, Petr Vobornik <pvobo...@redhat.com> wrote: > > On 05/29/2015 10:02 AM, Martin Kosek wrote: >> On 05/29/2015 01:27 AM, David Lin wrote: >>> Hi, >>> When I try to add multiple hosts, on the web UI, when I go to the host >>> tab, > > This means that Web UI calls `ipa host-find` and couple of `ipa host-show` > commands. Could you try it in CLI find out which command fails? > > So other web ui tabs work? Does service tab work(services has some common > logic with hosts)? > >> I get >>> Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The >>> certificate/key database is in an old, unsupported format. >>> >>> What does this mean? > > NSS returns SEC_ERROR_LEGACY_DATABASE when it can't read the database > directory (for any reason, including non-existent directory) > >> >> That's strange. CCIng Petr. Maybe /etc/httpd/alias NSS database was >> somehow damaged? Although I doubt that, in that case Apache would not be >> able to serve https even. > > +1 > >> >>> On one of the hosts, I do notice that when i do >>> >>> ipa host-show >>> >>> there is no certificate listed. >> >> If you are using FreeIPA 4.1+, this is expected: >> >> https://fedorahosted.org/freeipa/ticket/4449 >> >> Martin >> > > -- > Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project