hi everyoneI'm experiencing a weird thing. What I'm trying to do I believe must be so common that many of you have done it and thus could advice. I converted my let's encrypt cert into a new cert8.db(but also tried cert9.db), and I have in config:
<VirtualHost none.net:443> DocumentRoot /usr/share/wordpress.none DirectoryIndex index.php index.html ServerName none.net ServerAlias www NSSEngine onNSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSCertificateDatabase sql:/etc/httpd/none NSSNickname "none.net - Let's Encrypt" ErrorLog /var/log/httpd/none.net_443-error.log CustomLog /var/log/httpd/none.net_443-access.log common When I do: $ certutil -L -d sql:/etc/httpd/none/Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI none.net - Let's Encrypt u,u,uLet's Encrypt Authority X3 - Digital Signature Trust Co. CT,C,C
So all good, right? Cert is there in the database, yet Apache fails:
...[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid 140612518500608] Certificate not found: 'none.net'
... Is this not ... well, strange.I presume NSS can handle multiple NSSCertificateDatabase(per VirtualHost) ?
Not files permission, not selinux. What can be a problem here? many thanks, L. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|