NSS/SSL oddities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
	A couple of quick questions about things that have been bugging me:

  - If I import a server certificate and a CA certificate with pk12util 
    and change the trust attributes on the CA cert to "C,," - i.e. that 
    it should be a trusted CA for server certificates - and then start 
    slapd I get:

[05/Jan/2006:17:21:57 +0000] conn=0 op=-1 fd=64 closed - No certificate authority is trusted for SSL client authentication.

    Which seems strange to me - I would have thought the CA certs in 
    nssckbi would be trusted for client auth?


  - Unless /opt/fedora-ds/alias is owned by nobody:nobody you get 

[05/Jan/2006:17:43:40 +0000] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-foo-, keydb prefix: slapd-foo-.
[05/Jan/2006:17:43:40 +0000] - ERROR: NSS Initialization Failed.

    Couldn't we not make the directory owned by nobody:nobody by 
    default in the RPM? root:root doesn't seem like a useful default.

Cheers,
Mark.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux