On 03/20/2017 11:02 AM, Rob Crittenden wrote:
I think his concern may be around warnings that the NSS BDB databases
should only be updated when quiet. In the case of mod_nss it explicitly
opens the database read-only so I think you'd be safe updating the
certificate.

You are correct about my concern.  I should have noticed that mod_nss
is opening the database read-only, based on the file permissions if
nothing else.

Based on this, I should be able to do something with symlinks to make a
copy of the database, do my updates, rename the symlink to make the
updated database "live", and SIGHUP (or restart if necessary) Apache.

Thanks!

--
========================================================================
Ian Pilcher                                         arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to