Command ipa-server-upgrade failed due to missing key database

Solution Unverified

Issue

  • The ipa-server-upgrade command failed with the following errors displayed on the terminal or in /var/log/ipaupgrade.log:
    ipa: DEBUG: stderr=certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
    ...
    ipa: ERROR: Upgrade failed with Command '/usr/bin/certutil -d /etc/httpd/alias -L -f /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255
    ...
    CalledProcessError: Command '/usr/bin/certutil -d /etc/httpd/alias -L -f /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255
    ...
    RuntimeError: Command '/usr/bin/certutil -d /etc/httpd/alias -L -f /etc/httpd/alias/pwdfile.txt' returned non-zero exit status 255
  • The files cert8.db, ipasession.key, key3.db, pwdfile.txt, and/or secmod.db may be missing from /etc/httpd/alias.
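
A check for the condition described above, as an added example (not Red Hat's code and not part of the original article): it reads the NSS database directory from the failed certutil command recorded in the upgrade log and lists which of the files named above are absent. The function names and the optional ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Red Hat code. File names and paths come from the Issue text.
NSS_FILES="cert8.db key3.db secmod.db pwdfile.txt ipasession.key"

# Print the NSS database directories of certutil commands that the log
# records as failing (the "-d <dir>" argument), one per line, de-duplicated.
failed_certutil_dirs() {
    sed -n "s/.*certutil -d \([^ ]*\) .*returned non-zero exit status.*/\1/p" "$1" | sort -u
}

# Succeed if the log contains the NSS legacy-database error.
log_has_legacy_db_error() {
    grep -q 'SEC_ERROR_LEGACY_DATABASE' "$1"
}

# Print each expected file that does not exist in directory $1.
missing_nss_files() {
    for f in $NSS_FILES; do
        [ -e "$1/$f" ] || printf '%s\n' "$f"
    done
}

# diagnose LOG [ROOT]: report missing files for every directory named in a
# failed certutil command. ROOT (hypothetical parameter) is prepended to each
# directory so a restored backup or mounted image can be checked.
# Returns 0 if nothing is missing, 1 otherwise.
diagnose() {
    log=${1:-/var/log/ipaupgrade.log}; root=${2:-}; rc=0
    log_has_legacy_db_error "$log" && echo "legacy-database error present in $log"
    for d in $(failed_certutil_dirs "$log"); do
        for m in $(missing_nss_files "$root$d"); do
            echo "missing: $root$d/$m"; rc=1
        done
    done
    return $rc
}

# Run only when a log path is given on the command line.
if [ "$#" -gt 0 ]; then diagnose "$@"; fi
```

Run it as root with the log path as the first argument, for example `sh check.sh /var/log/ipaupgrade.log` (the script name is a placeholder).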

Environment

  • Red Hat Enterprise Linux 7
  • Identity Management (IDM)
  • Red Hat Directory Server
