1:52 p.m.
Thanks!
Fixed the -d option.
Now I'm getting:
Enter Password or Pin for "NSS Certificate DB":
I did not set this Password/PIN. All the docs reference tksTool. I don't want to fubar
more things but it looks like the following is needed:
tksTool -N -d .
I assume the tksTool is part of pki-tks.
-----Original Message-----
From: Marc Sauton <msauton(a)redhat.com>
Sent: Apr 29, 2009 11:42 AM
To: Fortunato <fortunato.montresor(a)earthlink.net>
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] certutil: unable to generate key(s)
Marc Sauton wrote:
> Fortunato wrote:
>> Hello,
>>
>> I haven't found information on the topic but it looks like there's a
>> problem with certutil - using IPv4.
>>
>> [root@localhost alias]# certutil -R -k rsa -g 2048 -s
>> "CN=cisco1.localdomain.com" -o cisco1.cert -v 12 -d
>> /var/lib/pki-sub-ca/ -1 -3 -6
>> certutil: unable to generate key(s)
>> : An I/O error occurred during security authorization.
>>
>> Any ideas would be welcome.
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
> May want to tweak the -d option to point to the alias directory
> <path-to-alias-dir>, not just /var/lib/pki-sub-ca/
> M.
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
Side note: the i/o error happens because of the missing NSS db files,
either wrong alias directory with -d, or need a certutil -N -d <path> to
create them.
M.
1:56 p.m.
New subject: certutil: unable to generate key(s)
On Wed, 2009-04-29 at 11:52 -0700, Fortunato wrote:
Thanks!
Fixed the -d option.
Now I'm getting:
Enter Password or Pin for "NSS Certificate DB":
cat /var/lib/pki-sub-ca/conf/password.conf contains what you need.
Look for internal token password.
I did not set this Password/PIN. All the docs reference tksTool. I don't want to
fubar more things but it looks like the following is needed:
tksTool -N -d .
I assume the tksTool is part of pki-tks.
-----Original Message-----
>From: Marc Sauton <msauton(a)redhat.com>
>Sent: Apr 29, 2009 11:42 AM
>To: Fortunato <fortunato.montresor(a)earthlink.net>
>Cc: pki-users(a)redhat.com
>Subject: Re: [Pki-users] certutil: unable to generate key(s)
>
>Marc Sauton wrote:
>> Fortunato wrote:
>>> Hello,
>>>
>>> I haven't found information on the topic but it looks like there's a
>>> problem with certutil - using IPv4.
>>>
>>> [root@localhost alias]# certutil -R -k rsa -g 2048 -s
>>> "CN=cisco1.localdomain.com" -o cisco1.cert -v 12 -d
>>> /var/lib/pki-sub-ca/ -1 -3 -6
>>> certutil: unable to generate key(s)
>>> : An I/O error occurred during security authorization.
>>>
>>> Any ideas would be welcome.
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>
>> May want to tweak the -d option to point to the alias directory
>> <path-to-alias-dir>, not just /var/lib/pki-sub-ca/
>> M.
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>Side note: the i/o error happens because of the missing NSS db files,
>either wrong alias directory with -d, or need a certutil -N -d <path> to
>create them.
>M.
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chandrasekar Kannan -- ckannan(a)redhat.com
Quality Engineering -- http://www.redhat.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2:06 p.m.
New subject: certutil: unable to generate key(s)
Fortunato wrote:
Thanks!
Fixed the -d option.
Now I'm getting:
Enter Password or Pin for "NSS Certificate DB":
I did not set this Password/PIN.
means you are creating new NSS db files in the
directory specified
All the docs reference tksTool.
not in:
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Gu...
may be in:
http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Gu...
?
I don't want to fubar more things but it looks like the
following is needed:
tksTool -N -d .
will do it too, just make sure you are doing this in the directory you
want to.
I assume the tksTool is part of pki-tks.
yes, you can verify with a
rpm -qf /usr/bin/tkstool
should get something with the string:
pki-native-tools
not sure why you want to use tkstool instead of certutil, or what may be
the bigger issue.
-----Original Message-----
> From: Marc Sauton <msauton(a)redhat.com>
> Sent: Apr 29, 2009 11:42 AM
> To: Fortunato <fortunato.montresor(a)earthlink.net>
> Cc: pki-users(a)redhat.com
> Subject: Re: [Pki-users] certutil: unable to generate key(s)
>
> Marc Sauton wrote:
>
>> Fortunato wrote:
>>
>>> Hello,
>>>
>>> I haven't found information on the topic but it looks like there's a
>>> problem with certutil - using IPv4.
>>>
>>> [root@localhost alias]# certutil -R -k rsa -g 2048 -s
>>> "CN=cisco1.localdomain.com" -o cisco1.cert -v 12 -d
>>> /var/lib/pki-sub-ca/ -1 -3 -6
>>> certutil: unable to generate key(s)
>>> : An I/O error occurred during security authorization.
>>>
>>> Any ideas would be welcome.
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>>>
>>>
>> May want to tweak the -d option to point to the alias directory
>> <path-to-alias-dir>, not just /var/lib/pki-sub-ca/
>> M.
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>
> Side note: the i/o error happens because of the missing NSS db files,
> either wrong alias directory with -d, or need a certutil -N -d <path> to
> create them.
> M.
>
5715
days inactive
5715
days old
2 comments
3 participants
participants (3)
-
Chandrasekar Kannan -
Fortunato -
Marc Sauton