Do u meant this :

i already add the cert to nss and even \etc\ipa\ ca.cert repalced


[root@(LIVE) slapd-Wwww-COM]$   certutil -d /etc/pki/nssdb  -L

Certificate Nickname                                         Trust
Attributes

SSL,S/MIME,JAR/XPI

COMODO RSA Domain Validation Secure Server CA                CT,C,C
IPA CA                                                       CT,C,C
COMODO RSA Certification Authority                           CT,C,C


2015-07-06 21:39 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:

> barry...@gmail.com wrote:
>
>> the cert already in httpd / ldap side. but it prompt error
>>
>> [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid
>> [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.
>>
>> *.wisers.com <http://wisers.com> - COMODO CA
>> Limited                             u,u,u
>> COMODO RSA Domain Validation Secure Server CA                CT,C,C
>> COMODO RSA Certification Authority                           CT,C,C
>>
>
> Taking a wild guess here due to limited information, but check the value
> of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This is the NSS
> nickname of the server certificate to use.
>
> rob
>
>
>>
>> 2015-07-06 20:01 GMT+08:00 <barry...@gmail.com <mailto:barry...@gmail.com
>> >>:
>>
>>     hi:
>>
>>     i changed cert lareadty but seemit still keep hisoty of godadday any
>>     help.??
>>
>>
>>     www-COM...[06/Jul/2015:19:59:15 +0800] - SSL alert: Security
>>     Initialization: Can't find certificate (*.wwwcom - GoDaddy.com,
>>     Inc.) for family cn=RSA,cn=encryption,cn=config (Netscape Portable
>>     Runtime error -8174 - security library: bad database.)
>>     [06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization:
>>     Unable to retrieve private key for cert *.www.com <http://www.com> -
>>     GoDaddy.com, Inc. of family cn=RSA,cn=encryption,cn=config (Netscape
>>     Portable Runtime error -8174 - security library: bad database.)
>>     [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are
>> valid
>>     [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2
>> Failed.
>>
>>
>>
>>
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to