Hi Peter,

You do not have the private key properly loaded with the rest of the certificate in your database. The database listing looks like this with a private key properly loaded:

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
cbgc03                                                       u,u,u

The "u" sign indicates that you have a user certificate / private key. With the "certutil -R" command you generated only a certificate request, which needs to be signed by a certification authority.

Do you want to use a signed or a self-signed certificate? In case self-signed is OK for you, you can create it for example like this:

    certutil -S -d ./server_db/ -n yourCertNickName -s "CN=my.host.com" -g 2048 -Z SHA512

In case you want to use a signed certificate, have the CSR file you have signed by your CA and then load the CRT file which they give you in return using the following command:

    certutil -A -d ./server_db/ -i signed.crt -n yourCertNickName

Afterwards your certificate database should be correct ...

Regards
Jakub

On Tue, Sep 18, 2012 at 10:50 PM, walshp <[email protected]> wrote:
> Not sure if this is part of issue. On one system (masked):
>
> certutil -K -d server_db/ -f server_db/pfile:
> < 0> rsa 780azzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz (orphan)
>
> certutil -L -d server_db/ -f server_db/pfile
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
> aaaa.bb.ccccc.net                                            ,,
> twate                                                        CT,,
>
> However, pk12util -o messaging.p12 -n aaaa.bb.ccccc.net -d server_db/:
> pk12util: no user certs from given nickname
>
> Could there be a problem with key? Here is the command used to generate key & csr:
> certutil -R -s "CN= aaaa.bb.ccccc.net,OU=yyyy,O=qqqqq,L=Anytown,ST=NY,C=US" -g 2048 -d server_db/ -o zzzz.csr -a -n aaaa.bb.ccccc.net
>
> This issue does not exist in another environment with the same failure/error message. It does not have a (orphan) in the certutil -K -d server_db/ output.
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.com/Broker-SSL-Config-tp7582284p7582293.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
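
Added example, not part of the original thread: a shell check over `certutil -L` and `certutil -K` output that distinguishes the two states discussed above (a nickname with the "u" flag versus a certificate with no "u" flag while an orphan key from `certutil -R` is waiting for its signed certificate). The function names and the result strings `ok`, `csr-pending` and `no-key` are hypothetical, and the sample listings are constructed from the masked output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input, based on the masked listings in the thread.
SAMPLE_L='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

aaaa.bb.ccccc.net                                            ,,
twate                                                        CT,,
cbgc03                                                       u,u,u'
SAMPLE_K='< 0> rsa 780azzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz (orphan)'

# has_user_cert NICKNAME: reads `certutil -L` output on stdin and succeeds
# only if NICKNAME is listed with a "u" in its trust attributes.
has_user_cert() {
    awk -v nick="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the flags column
            if (name == nick && $NF ~ /u/) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# count_orphan_keys: reads `certutil -K` output on stdin and prints how many
# private keys have no matching certificate.
count_orphan_keys() {
    grep -cF '(orphan)' || true
}

# diagnose NICKNAME LISTING KEYS: prints one of the hypothetical states
#   ok           nickname has a user cert with its private key
#   csr-pending  no user cert, but an orphan key exists (CSR not yet imported)
#   no-key       no user cert and no orphan key in this database
diagnose() {
    if printf '%s\n' "$2" | has_user_cert "$1"; then
        echo ok
    elif [ "$(printf '%s\n' "$3" | count_orphan_keys)" -gt 0 ]; then
        echo csr-pending
    else
        echo no-key
    fi
}

# Against a real database (paths as used in the thread):
#   diagnose NICK "$(certutil -L -d server_db/)" \
#                 "$(certutil -K -d server_db/ -f server_db/pfile)"
diagnose aaaa.bb.ccccc.net "$SAMPLE_L" "$SAMPLE_K"
```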
