Re: [Pki-users] certutil: unable to generate key(s)

Thanks! Fixed the -d option. Now I'm getting: Enter Password or Pin for "NSS Certificate DB":

I did not set this Password/PIN. All the docs reference tksTool. I don't want to fubar more things but it looks like the following is needed: tksTool -N -d . I assume the tksTool is part of pki-tks. -----Original Message----- >From: Marc Sauton <msauton(a)redhat.com&gt; >Sent: Apr 29, 2009 11:42 AM >To: Fortunato <fortunato.montresor(a)earthlink.net&gt; >Cc: pki-users(a)redhat.com >Subject: Re: [Pki-users] certutil: unable to generate key(s) > >Marc Sauton wrote: >> Fortunato wrote: >>> Hello, >>> >>> I haven't found information on the topic but it looks like there's a >>> problem with certutil - using IPv4. >>> >>> [root@localhost alias]# certutil -R -k rsa -g 2048 -s >>> "CN=cisco1.localdomain.com" -o cisco1.cert -v 12 -d >>> /var/lib/pki-sub-ca/ -1 -3 -6 >>> certutil: unable to generate key(s) >>> : An I/O error occurred during security authorization. >>> >>> Any ideas would be welcome. >>> >>> _______________________________________________ >>> Pki-users mailing list >>> Pki-users(a)redhat.com >>> https://www.redhat.com/mailman/listinfo/pki-users >>> >> May want to tweak the -d option to point to the alias directory >> <path-to-alias-dir>, not just /var/lib/pki-sub-ca/ >> M. >> >> _______________________________________________ >> Pki-users mailing list >> Pki-users(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users >Side note: the i/o error happens because of the missing NSS db files, >either wrong alias directory with -d, or need a certutil -N -d <path> to >create them. >M. _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users