On 21.10.2016 02:57, Michal Kaspar wrote: > Package: 389-ds-base > Version: 1.3.5.13-1 > Severity: important > > Dear Maintainer, > After recent updates the 389 directory server fails to start SSL on port > 636. The rest of server starts fine but in the logs, there is an error > message: > SSL alert: Security Initialization: Unable to create PinObj (Netscape > Portable Runtime error -5977 - Failure to load dynamic library.) > ERROR: SSL Initialization Failed. Disabling SSL. > When I ran strace on ns-slapd, I've noticed it's missing file > /etc/dirsrv/slapd-suffix/libnssckbi.so. After linking > /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so from package libnss3 the > error message changed to: > SSL alert: Security Initialization: Unable to create PinObj (Netscape > Portable Runtime error -8015 - The certificate/key database is in an old, > unsupported format or failed to open.) > I've checked the cert db with certutil -L -d /etc/dirsrv/slapd-suffix > and it seems OK. The certificate is valid until the start of the > november so I have no idea now, where the problem might be. Is it some > libraries incompatibility or are there some other steps I can do to > debug the issue. > I'm running 389 server as a part of freeipa installation, so I'm now not > able to issue different certificate to test, becouse the CA can't start > without LDAP server running.
Yeah, I'm seeing the same :/ I'll ask upstream about it. -- t
