Natxo Asenjo wrote:
On Thu, Sep 29, 2016 at 7:37 AM, Jim Richard <jrich...@placeiq.com
Thanks Rob, that worked.
Still on the subject of certs, any idea how to solve this error:
Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The
certificate/key database is in an old, unsupported format.
I see that in the gui when querying hosts as well as from cli when I
ipa-show or ipa-find
I have had this too, and we did not find a solution (search my recent
posts on the archives). As a workaround I have created replicas and
decommissioned the older replicas.
On the one hand I'm glad this fixed it for you. On the other it is a
rather unsatisfying answer. Unfortunately NSS doesn't always provide the
most context with its error messages. This error is usually seen when
one tries to open a non-existent database, which in this case is a very
strange thing, especially since it goes from working to non-working in
the same apache process over a few minutes.
I'm not sure how I'd troubleshoot this if it were easily reproducible. I
suspect we'd need to figure out which database cannot be found (most
likely /etc/httpd/alias) and go from there. An strace is a brute-force
way to see the file open but finding the right process to attach to is a
bit of an art.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project