Hi everyone,
apologies first and foremost, as this does not concern IPA
directly. I've tried Apache's list but found no help
there (yet). I know Apache experts traverse here, thus
maybe more luck here.
I'm experiencing a weird thing. What I'm trying to do I
believe must be so common that many of you have done it and
thus could advise.
I converted my Let's Encrypt cert into a new cert8.db (but
also tried cert9.db, as below), and I have in config:
<VirtualHost none.net:443>
    DocumentRoot /usr/share/wordpress.none
    DirectoryIndex index.php index.html
    ServerName none.net
    ServerAlias www
    NSSEngine on
    NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
    NSSCertificateDatabase sql:/etc/httpd/none
    NSSNickname "none.net - Let's Encrypt"
    ErrorLog /var/log/httpd/none.net_443-error.log
    CustomLog /var/log/httpd/none.net_443-access.log common
</VirtualHost>
When I do:
$ certutil -L -d sql:/etc/httpd/none/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

none.net - Let's Encrypt                                     u,u,u
Let's Encrypt Authority X3 - Digital Signature Trust Co.     CT,C,C
So all good, right? Cert is there in the database, yet
Apache fails to start.
...
[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid 140612518500608] Certificate not found: 'none.net'
...
Is this not ... well, strange?
I presume NSS can handle multiple NSSCertificateDatabase (per
VirtualHost)?
Not file permissions, not SELinux.
What can be the problem here?
many thanks, L.