qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Welchlin <andreas.welch...@comyno.com>
Subject Re: qpid broker ssl plugin - start using systemctl fails
Date Tue, 10 Jun 2014 09:13:51 GMT
Am 10.06.2014 10:51, schrieb Gordon Sim:
> On 06/10/2014 09:28 AM, Andreas Welchlin wrote:
>>
>> Am 09.06.2014 10:38, schrieb Gordon Sim:
>>> On 06/07/2014 09:22 PM, Andreas Welchlin wrote:
>>>> Hi All,
>>>>
>>>> I started the qpidd broker on a fedora 9 using "sytemctl start
>>>> qpidd.service". But the initialisation of the SSL plugin failed:
>>>>
>>>> [Security] error Failed to initialise SSL plugin: Failed: NSS error
>>>> [-8015]
>>>> (/builddir/build/BUILD/qpid-0.24/cpp/src/qpid/sys/ssl/util.cpp:100)
>>>>
>>>>
>>>> When I start it as root from the commandline with "# /usr/sbin/qpidd
>>>> --config /etc/qpid/qpidd.conf", then
>>>> it works fine:
>>>>
>>>> [Security] notice Listening for SSL connections on TCP/TCP6 port 5674
>>>>
>>>>
>>>> I am more a software developer than an administrator and I just can
>>>> assume that the environment of the systemd needs to be changed. But I
>>>> have no idea how I can fix it.
>>>>
>>>> Does anyone of you have an idea what I should change?
>>>
>>> Are the cert db and password file (if used) readable by the qpidd user?
>>>
>>>
>>
>> No, they were not.
>> Now I changed the user of cert db and password file to qpidd.
>>
>> But unfortunately the problem is still there.
>>
>> Any more ideas?
>
> I believe that error code is SEC_ERROR_LEGACY_DATABASE. Has there been 
> a previous, older installation of qpidd and/or nss on this box?
>
> Does certutil -L -d <cert_db_path> work?
>
Yes, there was an older qpidd installation but without using ssl.

certutil works on the machine:
-------------------------------------------------
certutil -L -d server_db

Certificate Nickname                                         Trust 
Attributes
SSL,S/MIME,JAR/XPI

MyRootCA                                                     CT,,
localhost.localdomain                                        u,u,u
--------------------------------------------------





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message