On 05/01/18 20:59, Rob Crittenden wrote:
you guys are the best, not for freeipa only, but as for
lejeczek via FreeIPA-users wrote:
apologies first and foremost as this does not concert IPA directly, I've
tried apache's list but no help I found there(yet). So I know Apache's
experts traverse here thus maybe more luck here.
I'm experiencing a weird thing. What I'm trying to do I believe must be
so common that many of you have done it and thus could advice.
I converted my let's encrypt cert into a new cert8.db(but also tried
cert9.db, as belowe), and I have in config:
DirectoryIndex index.php index.html
NSSNickname "none.net - Let's Encrypt"
CustomLog /var/log/httpd/none.net_443-access.log common
When I do:
$ certutil -L -d sql:/etc/httpd/none/
Certificate Nickname Trust
none.net - Let's Encrypt u,u,u
Let's Encrypt Authority X3 - Digital Signature Trust Co. CT,C,C
So all good, right? Cert is there in the database, yet Apache fails to
[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid
140612518500608] Certificate not found: 'none.net'
Is this not ... well, strange.
I presume NSS can handle multiple NSSCertificateDatabase(per VirtualHost) ?
Not files permission, not selinux.
What can be a problem here?
There can be only one NSSCertificateDatabase right now. I've been toying
with NSS contexts which might allow multiple but it is pretty low
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org