On 03/20/2017 11:02 AM, Rob Crittenden wrote:
I think his concern may be around warnings that the NSS BDB databases should only be updated when quiet. In the case of mod_nss it explicitly opens the database read-only so I think you'd be safe updating the certificate.
You are correct about my concern. I should have noticed that mod_nss is opening the database read-only, based on the file permissions if nothing else. Based on this, I should be able to do something with symlinks to make a copy of the database, do my updates, rename the symlink to make the updated database "live", and SIGHUP (or restart if necessary) Apache. Thanks! -- ======================================================================== Ian Pilcher arequip...@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ======================================================================== -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project