<div dir="ltr">any command make it refresh ? it seem still getiing old godaddy hisotry?</div><div class="gmail_extra"><br><div class="gmail_quote">2015-07-06 21:45 GMT+08:00  <span dir="ltr"><<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Do u meant this :</div><div><br></div><div>i already add the cert to nss and even \etc\ipa\ ca.cert repalced </div><div><br></div><div><br></div><div>[root@(LIVE) slapd-Wwww-COM]$   certutil -d /etc/pki/nssdb  -L</div><p>Certificate Nickname                                         Trust Attributes<br>                                                             SSL,S/MIME,JAR/XPI</p><p><span>COMODO RSA Domain Validation Secure Server CA                CT,C,C<br></span>IPA CA                                                       CT,C,C<span><br>COMODO RSA Certification Authority                           CT,C,C<br><br></span></p></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2015-07-06 21:39 GMT+08:00 Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><span>
the cert already in httpd / ldap side. but it prompt error<br>
<br>
[06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid<br>
[06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.<br>
<br></span>
*.<a href="http://wisers.com" target="_blank" rel="noreferrer">wisers.com</a> <<a href="http://wisers.com" target="_blank" rel="noreferrer">http://wisers.com</a>> - COMODO CA<span><br>
Limited                             u,u,u<br>
COMODO RSA Domain Validation Secure Server CA                CT,C,C<br>
COMODO RSA Certification Authority                           CT,C,C<br>
</span></blockquote>
<br>
Taking a wild guess here due to limited information, but check the value of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This is the NSS nickname of the server certificate to use.<br>
<br>
rob<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<br>
<br>
2015-07-06 20:01 GMT+08:00 <<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a> <mailto:<a href="mailto:barrykfl@gmail.com" target="_blank">barrykfl@gmail.com</a>>>:<span><br>
<br>
    hi:<br>
<br>
    i changed cert lareadty but seemit still keep hisoty of godadday any<br>
    help.??<br>
<br>
<br>
    www-COM...[06/Jul/2015:19:59:15 +0800] - SSL alert: Security<br>
    Initialization: Can't find certificate (*.wwwcom - GoDaddy.com,<br>
    Inc.) for family cn=RSA,cn=encryption,cn=config (Netscape Portable<br>
    Runtime error -8174 - security library: bad database.)<br>
    [06/Jul/2015:19:59:15 +0800] - SSL alert: Security Initialization:<br></span>
    Unable to retrieve private key for cert *.<a href="http://www.com" target="_blank" rel="noreferrer">www.com</a> <<a href="http://www.com" target="_blank" rel="noreferrer">http://www.com</a>> -<span><br>
    GoDaddy.com, Inc. of family cn=RSA,cn=encryption,cn=config (Netscape<br>
    Portable Runtime error -8174 - security library: bad database.)<br>
    [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher are valid<br>
    [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2 Failed.<br>
<br>
<br>
<br>
<br>
</span></blockquote>
<br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>