  1. Product Technical Learning
  2. PTL-7100

RH362-63: GE: revoking user cert, remove from NSS DB before adding new one


    • Bug
    • Resolution: Can't Do
    • Major
    • RH362 - RHEL 9.1 0, RH362 - RHEL 7.4 1 20180531
    • RH362
    • ILT
    • en-US (English)

      URL:
      Reporter RHNID:
      Section: -
      Language: en-US (English)
      Workaround: If there are issues with multiple certs, we still have the "VALID" cert pem file. Issue the certutil -D command, repeating it for each copy of the same name cert, until none are left. Then add the cert in again from the pem file (as in step 3.6).

      Description: Guided Exercise: Managing Certificates

      Step 3.6 (p149)

      Before adding the new cert, we should remove the old cert from the NSS Database.

      certutil -L -d ~/idmuser-01-cert/ will show the certificates and their names.

      certutil -D -d ~/idmuser01-cert/ -n idmuser01

      (the capital D is important to remove ONLY the cert and not also the key!)

      Otherwise there will be two copies of a cert with the same name, one revoked, when we export the database in later steps. Firefox can find the revoked one first and fail to authenticate in the upcoming GE.

            rht-ichavero Ivan Chavero (Inactive)
            lauber Susan Lauber
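
The workaround above as a repeatable script. This is an added example, not part of the original ticket or the course material. The function names and the `,,` trust string are assumptions; the database directory, nickname and PEM path are supplied by the caller.

```shell
# Added example: remove every copy of one nickname from an NSS DB, then
# re-import the still-valid certificate from its PEM file.
# Assumption: trust string ",," (no explicit trust flags) suits a user cert.
# Variables are global (no "local") so the functions stay POSIX sh.

# True while at least one certificate with this nickname is in the DB.
# usage: nss_has_cert DBDIR NICKNAME
nss_has_cert() {
    certutil -L -d "$1" -n "$2" >/dev/null 2>&1
}

# Delete copies one at a time with -D, which removes the certificate only
# and leaves the private key in place. Prints how many were removed.
# Fails if copies are still present after MAX deletions (default 10).
# usage: nss_purge_nickname DBDIR NICKNAME [MAX]
nss_purge_nickname() {
    purge_max=${3:-10}
    purge_count=0
    while nss_has_cert "$1" "$2"; do
        if [ "$purge_count" -ge "$purge_max" ]; then
            echo "still present after $purge_max deletions: $2" >&2
            return 1
        fi
        certutil -D -d "$1" -n "$2" || return 1
        purge_count=$((purge_count + 1))
    done
    echo "$purge_count"
}

# Purge the nickname, import the PEM (-a = ASCII input), then confirm
# the nickname resolves again.
# usage: nss_replace_cert DBDIR NICKNAME PEMFILE
nss_replace_cert() {
    [ -r "$3" ] || { echo "cannot read $3" >&2; return 1; }
    removed=$(nss_purge_nickname "$1" "$2") || return 1
    certutil -A -d "$1" -n "$2" -t ",," -a -i "$3" || return 1
    nss_has_cert "$1" "$2" || return 1
    echo "removed=$removed imported=$2"
}
```

After sourcing the file, call `nss_replace_cert` with the database directory, the nickname shown by `certutil -L`, and the PEM file.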