barry...@gmail.com wrote:
Where can I check the config of NSS?

I modified the nssdb and imported the cert successfully.

Should I change any LDIF?

I already told you in my initial reply:

Check the value of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This is the NSS nickname of the server certificate to use.

rob


Many thanks

On 6 July 2015 at 11:44 PM, "Rob Crittenden" <rcrit...@redhat.com> wrote:

    barry...@gmail.com wrote:

        Do you mean this:

        I already added the cert to NSS and even replaced \etc\ipa\ ca.cert


        [root@(LIVE) slapd-Wwww-COM]$ certutil -d /etc/pki/nssdb -L

        Certificate Nickname                                         Trust Attributes
                                                                     SSL,S/MIME,JAR/XPI

        COMODO RSA Domain Validation Secure Server CA                CT,C,C
        IPA CA                                                       CT,C,C
        COMODO RSA Certification Authority                           CT,C,C


    This has no relationship to the error you're seeing. This database
    is not used by either Apache or 389-ds.

    NSS uses nicknames to reference a given certificate. This nickname
    needs to exist in its database. I'm guessing that you changed the
    database, and therefore the nickname in the database, without also
    updating the server configuration with this new nickname.

    rob



        2015-07-06 21:39 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:

        barry...@gmail.com wrote:

                 The cert is already on the httpd / LDAP side, but it prompts an error

                 [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid
                 [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.

                 *.wisers.com - COMODO CA Limited                             u,u,u
                 COMODO RSA Domain Validation Secure Server CA                CT,C,C
                 COMODO RSA Certification Authority                           CT,C,C


             Taking a wild guess here due to limited information, but check the
             value of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This
             is the NSS nickname of the server certificate to use.

             rob



                 2015-07-06 20:01 GMT+08:00 <barry...@gmail.com>:

                      Hi:

                      I changed the cert already but it seems it still keeps history of
                      GoDaddy. Any help??


                      www-COM...[06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization: Can't find certificate (*.wwwcom - GoDaddy.com, Inc.) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
                      [06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization: Unable to retrieve private key for cert *.www.com - GoDaddy.com, Inc. of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
                      [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid
                      [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.








--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
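
Added example, not part of the thread and not FreeIPA or 389-ds code: a shell check of the point Rob makes above, that the nsSSLPersonalitySSL value in cn=RSA,cn=encryption,cn=config must name a nickname that exists in the server's NSS database. The function names and all sample data (example.test, "Old CA", "New CA") are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data is constructed; names are hypothetical.

# Read LDIF on stdin (config entry export or ldapsearch output) and print the
# nsSSLPersonalitySSL value of cn=RSA,cn=encryption,cn=config.
personality_from_ldif() {
    awk '
        /^$/ { in_entry = 0 }
        tolower($0) ~ /^dn: *cn=rsa,cn=encryption,cn=config *$/ { in_entry = 1; next }
        in_entry && tolower($0) ~ /^nssslpersonalityssl: / {
            sub(/^[^:]*: */, ""); print; exit
        }'
}

# Read "certutil -L" output on stdin and print one nickname per line by
# stripping the trailing trust-flags column (for example "u,u,u").
nicknames_from_certutil() {
    awk '/[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/ {
        sub(/[ \t]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[ \t]*$/, ""); print
    }'
}

# $1 = LDIF text, $2 = certutil -L text. Returns 0 on a match, 1 when the
# configured nickname is not in the database, 2 if the attribute is missing.
check_personality() {
    nick=$(printf '%s\n' "$1" | personality_from_ldif)
    [ -n "$nick" ] || { echo "nsSSLPersonalitySSL not found"; return 2; }
    if printf '%s\n' "$2" | nicknames_from_certutil | grep -Fxq -- "$nick"; then
        echo "OK: '$nick' exists in the NSS database"
    else
        echo "MISMATCH: '$nick' is not in the NSS database"; return 1
    fi
}

# Constructed sample: the config still names the replaced certificate.
LDIF_STALE='dn: cn=RSA,cn=encryption,cn=config
cn: RSA
nsSSLPersonalitySSL: *.example.test - Old CA
nsSSLToken: internal (software)'
# Constructed sample: the config updated to the new nickname.
LDIF_FIXED='dn: cn=RSA,cn=encryption,cn=config
cn: RSA
nsSSLPersonalitySSL: *.example.test - New CA'
# Constructed sample of "certutil -L" output for the server database.
CERTUTIL_OUT='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

*.example.test - New CA                                      u,u,u
New CA Intermediate                                          CT,C,C'
check_personality "$LDIF_STALE" "$CERTUTIL_OUT" || true
check_personality "$LDIF_FIXED" "$CERTUTIL_OUT" || true
```

On a live system, feed the functions the real config entry and the output of certutil -L -d run against the directory server instance's own database directory, not /etc/pki/nssdb, which the thread notes is not used by Apache or 389-ds.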
