max wrote: > > Im not sure this is the right place to pe posting something like > this.. > > I have a problem migrating an entrust secure server cert from netscape > 3.63 to iplanet 6.2 > > The two servers are physically on different machines. The 3.63 server > is no more, but before it died I copied its netscape directory across > to the new server. When I choose 'migrate certificate' from iPlanets > security menu, and specify the root as the directory where I dumped > all the netscape stuff, It imports all certs from the old server > except the entrust server cert. It does however seem to find an old > expired entrust server cert, and happily imports that. > > I still have the .crt file for our valid 3.63 cert, but pasting this > in iplanets 'install certificate' form and choosing 'replace > certificate' results in 'a private key for this certificate was not > found.
That tells us that the key3.db file does not contain the private key that goes with the certificate that you're trying to import. Without that private key, you cannot use that server cert. > I have looked at the certutil and related tools, but these dont seem > to be of any help. Even if you use certutil, as Ian suggested, your server won't be able to do SSL unless it has the private key. Did the files that you kept from the old installation include a *key*.db file? If not, then the "migrate certificate" function didn't migrate the private key because there wasn't one. If you can find the key3.db file that had the private key that goes with your server cert, then it should be possible to migrate the cert and key to the new DBs. But if you don't have the private key for the server cert, then you have no recourse but to get another cert (and private key). > I have no idea what to do. > Any assistance would be much appreciated. > > Max -- Nelson Bolyard Netscape Communications (subsidiary of AOL) Disclaimer: I speak for myself, not for Netscape
