Morgan Marodin wrote:
> What do you mean with backup database?
>
> Updating again the mod_nss RPM, Apache doesn't start ... so, this is the
> problem.
You said "and restoring the original /etc/httpd/alias/ folder". Original
from what, where did that come from?
So merely updating mod_nss breaks
Morgan Marodin wrote:
> It works!
> Thanks for your support.
>
> Anyway, I will try to update againt mod_nss package! :D
Glad it's working for you. I'm curious what the backup database was for.
Did you create that?
rob
> Bye!
>
>
> 2016-11-18 15:21 GMT+01:00 Morgan Marodin
It works!
Thanks for your support.
Anyway, I will try to update againt mod_nss package! :D
Bye!
2016-11-18 15:21 GMT+01:00 Morgan Marodin :
> A little good news.
>
> Downgrading the *mod_nss* RPM package, and restoring the original
> */etc/httpd/alias* folder,
A little good news.
Downgrading the *mod_nss* RPM package, and restoring the original
*/etc/httpd/alias* folder, *ipa-server-upgrade* procedure has finished well:
*# ipa-server-upgradeUpgrading IPA: [1/10]:
I've tried to add it to a new test folder, with a new certificate nickname,
and then to replace it to *nss.conf*.
But the problem persists:
*# certutil -V -u V -d /etc/httpd/test -n ipa01certcertutil: certificate is
valid*
*# tail -f /var/log/httpd/error_log*
*[Fri Nov 18
On 11/18/2016 10:04 AM, Morgan Marodin wrote:
Hi Florence.
I've tried to configure the wrong certificate in nss.conf (/ipaCert/),
and with this Apache started.
So I think the problem is in the /Server-Cert/ stored in
//etc/httpd/alias/, even if all manul checks are ok.
These are logs with the
Hi Florence.
I've tried to configure the wrong certificate in nss.conf (*ipaCert*), and
with this Apache started.
So I think the problem is in the *Server-Cert* stored in */etc/httpd/alias*,
even if all manul checks are ok.
These are logs with the wrong certificate test:
*# tail -f
Hi.
I've tried to delete and reimport only the *Server-Cert* certificate (I've
a copy of the original folder).
But it happened a strange behaviour:
*# certutil -L -d /etc/httpd/alias -n Server-Cert -a >
/tmp/Server-Cert.crt# certutil -D -d /etc/httpd/alias -n Server-Cert#
Hi.
I've upgraded all packages of my distribution, not only ipa packages.
There were a lot of packages.
*[root@mlv-ipa01 ~]# rpm -q mod_nssmod_nss-1.0.14-7.el7.x86_64*
All other checks seem ok:
*[root@mlv-ipa01 ~]# certutil -V -u V -d /etc/httpd/alias -n
Server-Certcertutil:
On 11/17/2016 04:51 PM, Morgan Marodin wrote:
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's
not the problem.
/[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
NSSNickname Server-Cert/
I've tried to run manually /dirsrv.target/ and
Morgan Marodin wrote:
> Hi Rob.
>
> I've just tried to remove the group write to the *.db files, but it's
> not the problem.
I didn't expect it to be but you don't want Apache having write access
to your certs and keys.
> /[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
>
Hi Rob.
I've just tried to remove the group write to the *.db files, but it's not
the problem.
*[root@mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.confNSSNickname
Server-Cert*
I've tried to run manually *dirsrv.target* and *krb5kdc.service*, and it
works, services went up.
The same for
Morgan Marodin wrote:
> Hi Florence.
>
> Thanks for your support.
>
> Yes, httpd is using /etc/httpd/alias as NSS DB. And seems that all
> permissions and certificates are good:
> /[root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/
> total 184
> -r--r--r-- 1 root root1345 Sep 7 2015 cacert.asc
>
Hi Florence.
Thanks for your support.
Yes, httpd is using /etc/httpd/alias as NSS DB. And seems that all
permissions and certificates are good:
*[root@mlv-ipa01 ~]# ls -l /etc/httpd/alias/total 184-r--r--r-- 1 root
root1345 Sep 7 2015 cacert.asc-rw-rw 1 root apache 65536
On 11/17/2016 12:09 PM, Morgan Marodin wrote:
Hello.
This morning I've tried to upgrade my IPA server, but the upgrade
failed, and now the service doesn't start! :(
If I try lo launch the upgrade manually this is the output:
/[root@mlv-ipa01 download]# ipa-server-upgrade
Upgrading IPA:
15 matches
Mail list logo