On Sat, Mar 18, 2017 at 11:58:35AM -0500, Ian Pilcher wrote: > Can IPA 4.4 (on CentOS 7) use a SQLite format NSS database in > /etc/httpd/alias? > > I would presumably have to prepend "sql:" to the NSSCertificateDatabase > setting in nss.conf. > > Anything else? > > -- > ======================================================================== > Ian Pilcher arequip...@gmail.com > -------- "I grew up before Mark Zuckerberg invented friendship" -------- > ======================================================================== > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project
Hello Ian, I'm not sure but I guess there will be surprises on the way. First of all you need to migrate the DB to SQL format (1). Then you will have two DBs in alias directory one in old and one in new format. This is probably not what you want because then you can easily end up with two different sets of certificates and hard to find errors. So it's probably better to remove old DB (cert8.db, key3.db and secmod.db). But then you'll break ipa-certupdate, ipa-server-certinstall and probably others because they use the old format. Prefixing 'sql:' to HTTPD_ALIAS_DIR in /usr/lib/ptyhon2.7/site-packages/ipaplatform/base/paths.py might help but I never tried. Generally I would not recommend touching this on production system. Why do you want to change the database format? (1) certutil -d sql:HTTPD_ALIAS_DIR --upgrade-merge --source-dir HTTPD_ALIAS_DIR --upgrade-id 1 -- David Kupka
signature.asc
Description: PGP signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
