httpd-users mailing list archives

From lejeczek <pelj...@yahoo.co.uk.INVALID>
Subject [users@httpd] nss and Certificate not found
Date Thu, 04 Jan 2018 15:49:04 GMT
hi everyone

I'm experiencing a weird thing. What I'm trying to do, I believe, must be so common that many of you have done it and thus could advise.
I converted my Let's Encrypt cert into a new cert8.db (but also tried cert9.db), and I have in config:

<VirtualHost none.net:443>
   DocumentRoot /usr/share/wordpress.none
   DirectoryIndex index.php index.html
   ServerName none.net
   ServerAlias www

   NSSEngine on
   NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
   NSSCertificateDatabase sql:/etc/httpd/none
   NSSNickname "none.net - Let's Encrypt"

   ErrorLog /var/log/httpd/none.net_443-error.log
   CustomLog /var/log/httpd/none.net_443-access.log common

When I do:

$ certutil -L -d sql:/etc/httpd/none/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

none.net - Let's Encrypt                                     u,u,u
Let's Encrypt Authority X3 - Digital Signature Trust Co.     CT,C,C

So all good, right? Cert is there in the database, yet 
Apache fails:

...
[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid 140612518500608] Certificate not found: 'none.net'
...

Is this not ... well, strange?
I presume NSS can handle multiple NSSCertificateDatabase (per VirtualHost)?
Not file permissions, not SELinux.
What can be a problem here?

many thanks, L.
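
Added example (not part of the original message and not mod_nss code): a Python check that compares the configured NSSNickname and the name in the "Certificate not found" log line against the nicknames listed by certutil -L. The sample inputs are constructed from the values quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, assembled from the values quoted in the message.
CONF = '''NSSEngine on
NSSCertificateDatabase sql:/etc/httpd/none
NSSNickname "none.net - Let's Encrypt"
'''
CERTUTIL_L = '''Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

none.net - Let's Encrypt                                     u,u,u
Let's Encrypt Authority X3 - Digital Signature Trust Co.     CT,C,C
'''
ERROR_LOG = ("[Thu Jan 04 15:34:17.188664 2018] [:error] [pid 21849:tid "
             "140612518500608] Certificate not found: 'none.net'\n")

def configured_nicknames(conf):
    """Values of NSSNickname directives, quoted or bare."""
    pat = re.compile(r'^\s*NSSNickname\s+(?:"([^"]*)"|(\S+))\s*$', re.M)
    return [quoted if quoted else bare for quoted, bare in pat.findall(conf)]

def db_nicknames(listing):
    """Map nickname -> trust flags from certutil -L rows (name, 2+ spaces, flags)."""
    row = re.compile(r'^(\S.*?)\s{2,}([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$')
    return {m.group(1): m.group(2)
            for m in map(row.match, listing.splitlines()) if m}

def looked_up_names(log):
    """Names httpd reported as missing. The match is greedy to the last quote
    on the line, because a nickname may itself contain an apostrophe."""
    return re.findall(r"Certificate not found: '(.*)'", log)

def check(conf, listing, log):
    """Return (kind, name, present_in_database) for every name of interest."""
    db = db_nicknames(listing)
    rows = [("configured", n, n in db) for n in configured_nicknames(conf)]
    rows += [("looked-up", n, n in db) for n in looked_up_names(log)]
    return rows

if __name__ == "__main__":
    for kind, name, found in check(CONF, CERTUTIL_L, ERROR_LOG):
        print(f"{kind:10} {name!r:30} in database: {found}")
```

On the values quoted in the message, the configured nickname is present in the database listing, while the name in the error line ('none.net') is not one of the listed nicknames.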
