On 29/02/16, Rob Crittenden wrote: > Oliver Graute wrote: > > On 26/02/16, Rob Crittenden wrote: > >> Can I ask why you have NSSEnforceValidCerts off set? Is it because of an > >> error that was logged, preventing the server from starting? > > > > yes because of this error: > > > > Add "NSSEnforceValidCerts off" to nss.conf so the server can start until > > the problem can be resolved. > > > > if I also set NSSECCNickname "xxxxxxx" I got: > > > > SSL Library Error: -8172 Certificate is signed by an untrusted issuer > > Ok, that shouldn't cause any crash problems. I was wondering if you were > getting bad key usage flags or anything else. > > This should be fixable by adding the issuing CA to the Apache NSS > database using certutil.
yes you are right, I fixed it by adding the CA to the database and setting the Trusted Attributes to the right values with: certutils -M -n "CA Nickname" -t "CT,C,c" Best regards, Oliver _______________________________________________ Mod_nss-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/mod_nss-list
