Morgan Marodin wrote:
> Hi Rob.
> I've just tried to remove the group write to the *.db files, but it's
> not the problem.
I didn't expect it to be but you don't want Apache having write access
to your certs and keys.
> /[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
> NSSNickname Server-Cert/
> I've tried to run manually /dirsrv.target/ and /krb5kdc.service/, and it
> works, services went up.
> The same for /ntpd/, /named-pkcs11.service/, /smb.service/,
> /winbind.service/, /kadmin.service/, /memcached.service/ and
Good, so you can limp along for a while then.
> Any other ideas?
So you upgraded. What did you actually upgrade? Only the IPA packages or
a lot more?
What version is running now, and what version of mod_nss?
$ rpm -q mod_nss
Let's see if the NSS tools can find the cert:
# certutil -V -u V -d /etc/httpd/alias -n Server-Cert
Should come back with: certutil: certificate is valid
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project