Oliver Graute wrote:
On Wed, Sep 7, 2016 at 6:24 PM, Rob Crittenden <[email protected]> wrote:
Oliver Graute wrote:
Hello,
in our project we tried to use two Virtual Hosts with two different
Certificate Chains in two NSS databases. One for local and one for
remote connections.
After a bit of debugging it seems that this setup is not possible, because
NSS_Init is only called once and not called twice for every vhost entry.
There is already a Bug 1256527 concerning this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1256527
What needs to be done to fix this limitation? So how hard can it be to
fix this?
I haven't scoped it yet so I can't really say how difficult it will be.
What alternatives do we have to get two certificate chains working with nss?
We thought that an alternative could be to start two separate Apache
instances.
Is this an approach to go? Or do we get in trouble with the nss lib too?
I don't see why you can't have two server certificates and chains in the
same NSS database as long as the subjects are unique. Is that not working
for you?
The problem is that we have a requirement for a PKI with a Root CA
with a separate Sub CA for LAN (local) and a Sub CA for WAN (remote), which
will build up two separate chains. A certificate that is verified by
one chain shall not be verified by the other chain.
I don't see one validating the other but I understand that your goal is
separation.
I don't believe there is a way to do this today.
rob
_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list