KB Article #177725

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported

Problem

Running 'certutil' to generate a request, this error is thrown:

admin@paphos:~/tmp/certgen> certutil -R -d /etc/apache2/mod_nss.d -s

"CN=paphos, O=paphos, L=BUCH, ST=BUCH, C=RO" -p 990099 -o apiportal.csr

-k rsa -g 2048 -a - Z SHA256 -v 36
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported



Resolution

Command to be run under root account:

paphos:~ # certutil -R -d /etc/apache2/mod_nss.d -s "CN=www.axway.com, O=paphos, L=BUCH, ST=BUCH, C=RO" -p 990099 -o apiportal.csr -k rsa -g 2048 -a - Z SHA256 -v 36
A random seed must be generated that will be used in the
creation of your key. One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.
To begin, type keys on the keyboard until this progress meter
is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!

Continue typing until the progress meter is full:
|************************************************************|
Finished. Press enter to continue:

Generating key. This may take a few moments...
paphos:~ #
paphos:~ # ll|grep api
-rw-r----- 1 root root 1160 Feb 12 16:27 apiportal.csr

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.