Julian Gethmann via FreeIPA-users wrote:
> Hallo,
> 
> Unfortunately I don't know when this problem occurred first, but it may
> have occurred after an update.
> The httpd does not start and aborts with the error
> 
> [:info] [pid 15383] Using nickname Server-Cert.
> [...] [:error] [pid 15383] Certificate not found: 'Server-Cert'
> 
> when I want to start FreeIPA via "systemctl start ipa" or "ipactl start"
> or "systemctl start httpd"
> If I turn the NSSEngine off it starts of cause.
> 
> In contrast to this message "ipa-getcert list -d /etc/httpd/alias/ -n
> Server-Cert" does find a certificate, if I get the output [1] right.

ipa-getcert shows certs that are tracked by certmonger but doesn't
guarantee that those certificates actually exist in the filesystem (they
did at the time tracking was started).

You need to look at the Apache NSS database:

# certutil -L -d /etc/httpd/alias

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to