Oliver Graute wrote: > On 26/02/16, Rob Crittenden wrote: >> Can I ask why you have NSSEnforceValidCerts off set? Is it because of an >> error that was logged, preventing the server from starting? > > yes because of this error: > > Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the > problem can be resolved. > > if I also set NSSECCNickname "xxxxxxx" I got: > > SSL Library Error: -8172 Certificate is signed by an untrusted issuer
Ok, that shouldn't cause any crash problems. I was wondering if you were getting bad key usage flags or anything else. This should be fixable by adding the issuing CA to the Apache NSS database using certutil. rob _______________________________________________ Mod_nss-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/mod_nss-list
