[Mod_nss-list] "SSL input filter read failed" error for apache with mod_nss
Rob Crittenden
rcritten at redhat.com
Mon Aug 10 14:29:03 UTC 2009
Rishi Renjith wrote:
> Hello,
> We are trying to make apache work with mod_nss in Solaris10 x86 platform
> in our project, which currently uses mod_ssl. For that we did the following.
> 1) Compiled and installed NSS with NSPR.
> 2) Installed Apache compiled with mod_ssl
> 3) Compiled and installed mod_nss for this Apache
> 4) Created the dummy DB using gencert.sh fie in mod_nss
> 5) Changed permissions for DB so that we can use it.
> The issue we are getting is that the browser(Firefox) says
> "SSL_Disabled", when trying to run in FIPS mode. When I checked the
> server logs, it says "SSL Input filter read failed." "Cannot connect,
> SSL is disabled". error.
>
> Is there any setting that we are missing?
> I am attaching the nss.conf and httpd.conf files.
>
> Versions used:
> Mod_nss: 1.0.8
> NSS and NSPR: nss-3.12.3.1-with-nspr-4.7.5
> Apache: 2.2.11
Ok, let me start with a couple of questions:
1. Does it work when NSSFips is off?
2. Why did you set NSSEnforceValidCerts to off?
3. Can you share /opt/SMC/Apache2/logs/nsserror_log?
4. Can you provide the output of: certutil -L -d /opt/SMC/Apache2/dummycert
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/mod_nss-list/attachments/20090810/5cf3d45d/attachment.bin>
More information about the Mod_nss-list
mailing list