{"id":1764,"date":"2017-03-02T17:02:38","date_gmt":"2017-03-02T22:02:38","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=1764"},"modified":"2017-03-02T17:02:38","modified_gmt":"2017-03-02T22:02:38","slug":"certutil-function-failed-sec_error_legacy_database-the-certificatekey-database-is-in-an-old-unsupported-format","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2017\/03\/certutil-function-failed-sec_error_legacy_database-the-certificatekey-database-is-in-an-old-unsupported-format\/","title":{"rendered":"certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate\/key database is in an old, unsupported format."},"content":{"rendered":"

I was attempting to view the certificate for my FreeIPA server:<\/p>\n

$ certutil -L -n 'IPA CA' -d \/etc\/dirsrv\/slapd-FREEIPA-OSRIC-NET\/
\ncertutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate\/key database is in an old, unsupported format.<\/code><\/p>\n

That had me worried. Was my cert\/key database corrupt? Turns out, I just didn’t have permission to read the files. It worked when I tried it with sudo<\/code>:<\/p>\n

$ sudo certutil -L -n 'IPA CA' -d \/etc\/dirsrv\/slapd-FREEIPA-OSRIC-NET\/<\/code><\/p>\n

That produced the expected output.<\/p>\n

The old, unsupported format<\/em> error is produced in a variety of cases and is often not helpful or informative. Permissions are just one reason why you might run into this message. Other reasons I’ve found include specifying a directory that does not contain the expected cert database files (i.e. cert8.db<\/code>, key3.db<\/code>, and secmod.db<\/code>), or specifying a directory that does not exist.<\/p>\n","protected":false},"excerpt":{"rendered":"

certutil can produce some misleading error messages. Make sure that the specified directory exists, contains the expected files, and is readable by the user running certutil.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[422],"tags":[434],"class_list":["post-1764","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-certutil"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=1764"}],"version-history":[{"count":5,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1764\/revisions"}],"predecessor-version":[{"id":1771,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1764\/revisions\/1771"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=1764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=1764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=1764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}