Hi Ben, On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton <[email protected]> wrote:
One other note - this could be a permissions issue. NSS seems to produce > this confusing error message when it can't access the database, even if the > format of the database is actually fine. > > $ sudo chown root:root /tmp/certs > $ certutil -N -d /tmp/certs > certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key > database is in an old, unsupported format. > Thanks for the tip. What directory should I check? I have checked: [root@kdc01 httpd]$ ls -ltrZ /etc/httpd/alias/ -rw-r-----. root apache unconfined_u:object_r:cert_t:s0 secmod.db.orig -rw-r-----. root apache unconfined_u:object_r:cert_t:s0 key3.db.orig -rw-r-----. root apache unconfined_u:object_r:cert_t:s0 cert8.db.orig -rw-------. root root unconfined_u:object_r:cert_t:s0 install.log -rw-rw----. root apache unconfined_u:object_r:cert_t:s0 pwdfile.txt -rw-rw----. root apache unconfined_u:object_r:cert_t:s0 secmod.db -r--r--r--. root root unconfined_u:object_r:cert_t:s0 cacert.asc.orig -r--r--r--. root root unconfined_u:object_r:cert_t:s0 cacert.asc lrwxrwxrwx. root root system_u:object_r:cert_t:s0 libnssckbi.so -> ../../..//usr/lib/libnssckbi.so -rw-rw----. root apache unconfined_u:object_r:cert_t:s0 key3.db -rw-rw----. root apache unconfined_u:object_r:cert_t:s0 cert8.db [root@kdc01 httpd]$ ls -ltrdZ /etc/httpd/alias/ drwxr-xr-x. root root system_u:object_r:cert_t:s0 /etc/httpd/alias/ Those seem ok. -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
