Hello,

On 08/14/2017 04:21 PM, Rob Crittenden wrote:
> Julian Gethmann via FreeIPA-users wrote:
>> Hello,
>>
>> Unfortunately I don't know when this problem occurred first, but it may
>> have occurred after an update.
>> The httpd does not start and aborts with the error
>>
>> [:info] [pid 15383] Using nickname Server-Cert.
>> [...] [:error] [pid 15383] Certificate not found: 'Server-Cert'
>>
>> when I want to start FreeIPA via "systemctl start ipa" or "ipactl start"
>> or "systemctl start httpd"
>> If I turn the NSSEngine off it starts of course.
>>
>> In contrast to this message "ipa-getcert list -d /etc/httpd/alias/ -n
>> Server-Cert" does find a certificate, if I get the output [1] right.
>
> ipa-getcert shows certs that are tracked by certmonger but doesn't
> guarantee that those certificates actually exist in the filesystem (they
> did at the time tracking was started).
>
> You need to look at the Apache NSS database:
>
> # certutil -L -d /etc/httpd/alias

Ok, I also did this, but it seems to be there

# certutil -L -d /etc/httpd/alias

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Signing-Cert                                                 u,u,u
ipaCert                                                      u,u,u
Server-Cert                                                  Pu,u,u
EXAMPLE.COM IPA CA                                           CT,C,C

Thanks,
Julian

>
> rob

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
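
The check discussed in this thread, written out as an added example that is not part of the original messages: it reads a `certutil -L` listing and reports whether a nickname is present in the NSS database and whether its SSL trust field carries `u`, which certutil prints when the matching private key is in the same database. The function names `nss_trust` and `nss_has_key` are hypothetical, and the sample listing is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): read a `certutil -L -d <db>` listing on
# stdin and answer two questions about one nickname.

# SAMPLE_LISTING is the listing quoted in the thread, embedded for offline use.
SAMPLE_LISTING='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Signing-Cert                                                 u,u,u
ipaCert                                                      u,u,u
Server-Cert                                                  Pu,u,u
EXAMPLE.COM IPA CA                                           CT,C,C'

# nss_trust NICKNAME: print the trust attributes of NICKNAME, exit 1 if the
# nickname is not in the listing. Nicknames may contain spaces, so the trust
# column is taken as the last field and stripped off the end of the line.
nss_trust() {
    awk -v want="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)
            sub(/^[ \t]+/, "", nick)
            if (nick == want) { print $NF; found = 1; exit }
        }
        END { exit !found }
    '
}

# nss_has_key NICKNAME: succeed only if the SSL trust field contains "u",
# the flag certutil prints when the private key is in the same database.
nss_has_key() {
    t=$(nss_trust "$1") || return 1
    case "${t%%,*}" in
        *u*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Live use on the server:
#   certutil -L -d /etc/httpd/alias | nss_has_key Server-Cert && echo present
```

A nickname that is listed with `u` set, as `Server-Cert` is here, passes both checks, so this listing alone does not explain the httpd error.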