Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-16 Thread Petr Vobornik
On 09/16/2016 09:39 AM, Natxo Asenjo wrote: > hi, > > > Any clues? > output of $ cat error_log | grep INFO -A 1 | cut -c -120 shows that first cert-show was successful. It was followed by cert-request. cert-request internally called - host-show - cert_show(1) success - cert_show(162)

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-16 Thread Ben Lipton
On 09/16/2016 03:39 AM, Natxo Asenjo wrote: hi, On Thu, Sep 15, 2016 at 2:25 PM, Natxo Asenjo > wrote: hi, attached error_log Any clues? Thanks! -- -- Groeten, natxo Sorry, I'm not having any luck tracking down the

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-16 Thread Natxo Asenjo
hi, On Thu, Sep 15, 2016 at 2:25 PM, Natxo Asenjo wrote: > hi, > > attached error_log > Any clues? Thanks! -- -- Groeten, natxo -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Natxo Asenjo
On Thu, Sep 15, 2016 at 1:03 PM, Ben Lipton wrote: > > On 09/15/2016 03:04 AM, Natxo Asenjo wrote: > > Hi Ben, > > On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton wrote: > > One other note - this could be a permissions issue. NSS seems to produce >> this

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Ben Lipton
On 09/15/2016 03:04 AM, Natxo Asenjo wrote: Hi Ben, On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton > wrote: One other note - this could be a permissions issue. NSS seems to produce this confusing error message when it can't access the

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-15 Thread Natxo Asenjo
Hi Ben, On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton wrote: One other note - this could be a permissions issue. NSS seems to produce > this confusing error message when it can't access the database, even if the > format of the database is actually fine. > > $ sudo chown

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-14 Thread Ben Lipton
This may be resolved already, but just in case it's helpful: On 09/13/2016 11:26 AM, Rob Crittenden wrote: Natxo Asenjo wrote: hi, On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden > wrote: Natxo Asenjo wrote: hi, I can

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-13 Thread Rob Crittenden
Natxo Asenjo wrote: hi, On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden > wrote: Natxo Asenjo wrote: hi, I can reproduce this everytime. Restarting httpd fixes it for a while, but then ik stops working:

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-13 Thread Natxo Asenjo
hi, On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: > >> hi, >> >> I can reproduce this everytime. Restarting httpd fixes it for a while, >> but then ik stops working: >> >> $ ipa cert-show 1 >> ipa: ERROR: cannot connect to >>

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-12 Thread Rob Crittenden
Natxo Asenjo wrote: hi, I can reproduce this everytime. Restarting httpd fixes it for a while, but then ik stops working: $ ipa cert-show 1 ipa: ERROR: cannot connect to 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-08 Thread Natxo Asenjo
On Thu, Sep 8, 2016 at 3:25 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: > >> I do see these errors: >> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO:: ping(): SUCCESS >> [Wed Sep 07 15:56:13 2016] [error] ipa: INFO: : host_find(u'tftp-1801', >> all=False, raw=False,

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Natxo Asenjo
I do see these errors: [Wed Sep 07 15:56:13 2016] [error] ipa: INFO:: ping(): SUCCESS [Wed Sep 07 15:56:13 2016] [error] ipa: INFO: : host_find(u'tftp-1801', all=False, raw=False, version=u'2.49', no_members=False, pkey_only=False): CertificateFormatError [Wed Sep 07 15:56:44 2016] [error] ipa:

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Natxo Asenjo
alas, not woriking again. On the one kdc $ ipa host-find tftp-1801 ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. On the other: $ ipa host-find tftp-1801 -- 1 host matched -- Host name:

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Rob Crittenden
Natxo Asenjo wrote: On Wed, Sep 7, 2016 at 3:27 PM, Rob Crittenden > wrote: Natxo Asenjo wrote: hi, using centos 6.8 (server and client), when trying to view some hosts we get this error: $ ipa

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Natxo Asenjo
On Wed, Sep 7, 2016 at 3:27 PM, Rob Crittenden wrote: > Natxo Asenjo wrote: > >> hi, >> >> using centos 6.8 (server and client), when trying to view some hosts we >> get this error: >> >> >> $ ipa host-find host-1920.sub.domain.tld >> ipa: ERROR: Certificate format error:

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Rob Crittenden
Natxo Asenjo wrote: hi, using centos 6.8 (server and client), when trying to view some hosts we get this error: $ ipa host-find host-1920.sub.domain.tld ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. I saw a

Re: [Freeipa-users] ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format.

2016-09-07 Thread Natxo Asenjo
On Wed, Sep 7, 2016 at 2:10 PM, Natxo Asenjo wrote: > hi, > > using centos 6.8 (server and client), when trying to view some hosts we > get this error: > > > $ ipa host-find host-1920.sub.domain.tld > ipa: ERROR: Certificate format error: (SEC_ERROR_LEGACY_DATABASE) The >