Hi Ben,

On Wed, Sep 14, 2016 at 2:45 PM, Ben Lipton <blip...@redhat.com> wrote:

One other note - this could be a permissions issue. NSS seems to produce
> this confusing error message when it can't access the database, even if the
> format of the database is actually fine.
>
> $ sudo chown root:root /tmp/certs
> $ certutil -N -d /tmp/certs
> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
> database is in an old, unsupported format.
>

Thanks for the tip. What directory should I check? I have checked:


[root@kdc01 httpd]$ ls -ltrZ /etc/httpd/alias/
-rw-r-----. root apache unconfined_u:object_r:cert_t:s0  secmod.db.orig
-rw-r-----. root apache unconfined_u:object_r:cert_t:s0  key3.db.orig
-rw-r-----. root apache unconfined_u:object_r:cert_t:s0  cert8.db.orig
-rw-------. root root   unconfined_u:object_r:cert_t:s0  install.log
-rw-rw----. root apache unconfined_u:object_r:cert_t:s0  pwdfile.txt
-rw-rw----. root apache unconfined_u:object_r:cert_t:s0  secmod.db
-r--r--r--. root root   unconfined_u:object_r:cert_t:s0  cacert.asc.orig
-r--r--r--. root root   unconfined_u:object_r:cert_t:s0  cacert.asc
lrwxrwxrwx. root root   system_u:object_r:cert_t:s0      libnssckbi.so ->
../../..//usr/lib/libnssckbi.so
-rw-rw----. root apache unconfined_u:object_r:cert_t:s0  key3.db
-rw-rw----. root apache unconfined_u:object_r:cert_t:s0  cert8.db

[root@kdc01 httpd]$ ls -ltrdZ /etc/httpd/alias/
drwxr-xr-x. root root system_u:object_r:cert_t:s0      /etc/httpd/alias/


Those seem ok.
--
Groeten,
natxo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to