barry...@gmail.com wrote:
Do you mean this:

I already added the cert to NSS and even replaced \etc\ipa\ ca.cert


[root@(LIVE) slapd-Wwww-COM]$   certutil -d /etc/pki/nssdb  -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

COMODO RSA Domain Validation Secure Server CA                CT,C,C
IPA CA                                                       CT,C,C
COMODO RSA Certification Authority                           CT,C,C

This has no relationship to the error you're seeing. This database is not used by either Apache or 389-ds.

NSS uses nicknames to reference a given certificate. This nickname needs to exist in its database. I'm guessing that you changed the database, and therefore the nickname in the database, without also updating the server configuration with this new nickname.

rob



2015-07-06 21:39 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:

    barry...@gmail.com wrote:

        The cert is already in the httpd / LDAP side, but it prompts an error

        [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid
        [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.

        *.wisers.com - COMODO CA Limited                             u,u,u
        COMODO RSA Domain Validation Secure Server CA                CT,C,C
        COMODO RSA Certification Authority                           CT,C,C


    Taking a wild guess here due to limited information, but check the
    value of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This
    is the NSS nickname of the server certificate to use.

    rob



        2015-07-06 20:01 GMT+08:00 <barry...@gmail.com>:

             Hi:

             I changed the cert already, but it seems it still keeps the history of
             GoDaddy. Any help?


             www-COM...[06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization: Can't find certificate (*.wwwcom - GoDaddy.com, Inc.) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
             [06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization: Unable to retrieve private key for cert *.www.com - GoDaddy.com, Inc. of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
             [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid
             [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.







--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
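
The nickname check suggested in the thread, as an added example that is not part of the original messages: it compares nsSSLPersonalitySSL from the directory server's configuration with the nicknames that `certutil -L` prints for the database the server actually uses. The function names and sample data are constructed, and the inputs are assumed to be the instance's `dse.ldif` text and `certutil -L -d` output for the instance's own database directory (not /etc/pki/nssdb), with plain (non-base64) attribute values.

```python
import re

RSA_DN = "cn=rsa,cn=encryption,cn=config"
# A `certutil -L` row ends in three comma-separated trust fields, e.g. "CT,C,C".
ROW_RE = re.compile(r"^(.+?)\s+([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")

def nss_nicknames(certutil_output):
    """Map nickname -> trust flags from the text printed by `certutil -L`."""
    return {m.group(1): m.group(2)
            for m in map(ROW_RE.match, certutil_output.splitlines()) if m}

def configured_nickname(dse_ldif):
    """Return nsSSLPersonalitySSL from the cn=RSA,cn=encryption,cn=config entry."""
    unfolded = dse_ldif.replace("\n ", "")  # undo LDIF line folding
    for entry in re.split(r"\n\s*\n", unfolded):
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs.setdefault(key.strip().lower(), value.strip())
        if attrs.get("dn", "").lower().replace(" ", "") == RSA_DN:
            return attrs.get("nssslpersonalityssl")
    return None

def check(dse_ldif, certutil_output):
    """Classify a mismatch between the server config and its NSS database."""
    nick = configured_nickname(dse_ldif)
    certs = nss_nicknames(certutil_output)
    if nick is None:
        return "not-configured"
    if nick not in certs:
        return "missing-nickname"  # the "Can't find certificate (...)" case
    if "u" not in certs[nick].split(",")[0]:
        return "no-private-key"    # cert is listed, but its key is not in this database
    return "ok"

# Constructed sample data (hypothetical names, not taken from the thread).
SAMPLE_DSE = """dn: cn=RSA,cn=encryption,cn=config
cn: RSA
nsSSLToken: internal (software)
nsSSLPersonalitySSL: *.example.test - GoDaddy.com, Inc.
"""
SAMPLE_CERTUTIL = """Certificate Nickname                          Trust Attributes
                                              SSL,S/MIME,JAR/XPI

*.example.test - COMODO CA Limited            u,u,u
COMODO RSA Certification Authority            CT,C,C
"""

if __name__ == "__main__":
    print(configured_nickname(SAMPLE_DSE), "->", check(SAMPLE_DSE, SAMPLE_CERTUTIL))
```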
