On 05/01/18 20:59, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
hi everyone

apologies first and foremost as this does not concern IPA directly, I've
tried apache's list but no help I found there (yet). So I know Apache's
experts traverse here thus maybe more luck here.
I'm experiencing a weird thing. What I'm trying to do I believe must be
so common that many of you have done it and thus could advise.
I converted my let's encrypt cert into a new cert8.db (but also tried
cert9.db, as below), and I have in config:

<VirtualHost none.net:443>
   DocumentRoot /usr/share/wordpress.none
   DirectoryIndex index.php index.html
   ServerName none.net
   ServerAlias www

   NSSEngine on

   NSSCertificateDatabase sql:/etc/httpd/none
   NSSNickname "none.net - Let's Encrypt"

   ErrorLog /var/log/httpd/none.net_443-error.log
   CustomLog /var/log/httpd/none.net_443-access.log common

When I do:

$ certutil -L -d sql:/etc/httpd/none/

Certificate Nickname                                         Trust

none.net - Let's Encrypt                                   u,u,u
Let's Encrypt Authority X3 - Digital Signature Trust Co.     CT,C,C

So all good, right? Cert is there in the database, yet Apache fails to

[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid
140612518500608] Certificate not found: 'none.net'

Is this not ... well, strange.
I presume NSS can handle multiple NSSCertificateDatabase (per VirtualHost)?
Not files permission, not selinux.
What can be a problem here?

There can be only one NSSCertificateDatabase right now. I've been toying
with NSS contexts which might allow multiple but it is pretty low

you guys are the best, not for freeipa only, but as for "helpers" too.
many! thanks.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
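Added example, not part of the original thread and not mod_nss code: a small Python check that scans httpd configuration text for more than one distinct NSSCertificateDatabase value, the situation the reply above says mod_nss does not support. The second vhost (example.test), the /etc/httpd/alias paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: a global database plus a per-vhost one, as in the thread.
SAMPLE_CONF = """\
NSSCertificateDatabase /etc/httpd/alias
<VirtualHost none.net:443>
   NSSEngine on
   NSSCertificateDatabase sql:/etc/httpd/none
   NSSNickname "none.net - Let's Encrypt"
</VirtualHost>
<VirtualHost example.test:443>
   NSSEngine on
   # NSSCertificateDatabase sql:/etc/httpd/old
   NSSCertificateDatabase /etc/httpd/alias/
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
DB_DIRECTIVE = re.compile(r"NSSCertificateDatabase\s+(\S+)", re.I)


def find_nss_databases(conf_text):
    """Map each distinct database path to the contexts that declare it."""
    found = {}
    context = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        m = VHOST_OPEN.match(line)
        if m:
            context = m.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            context = "global"
        else:
            m = DB_DIRECTIVE.match(line)
            if m:
                # Strip quotes and trailing slashes so /x and /x/ compare equal.
                path = m.group(1).strip("\"'").rstrip("/")
                found.setdefault(path, []).append(context)
    return found


def has_conflict(conf_text):
    """True when more than one distinct database is configured."""
    return len(find_nss_databases(conf_text)) > 1


if __name__ == "__main__":
    print(find_nss_databases(SAMPLE_CONF), has_conflict(SAMPLE_CONF))
```

Run it against the concatenated contents of the httpd conf.d files; any result with more than one key means some vhost is pointing at a database that differs from the others.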