[Mod_nss-list] NSSSessionTickets causes some segfault in error log
Rob Crittenden
rcritten at redhat.com
Mon Feb 29 14:55:49 UTC 2016
Oliver Graute wrote:
> On 26/02/16, Rob Crittenden wrote:
>> Can I ask why you have NSSEnforceValidCerts off set? Is it because of an
>> error that was logged, preventing the server from starting?
>
> yes because of this error:
>
> Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
>
> if I also set NSSECCNickname "xxxxxxx" I got:
>
> SSL Library Error: -8172 Certificate is signed by an untrusted issuer
Ok, that shouldn't cause any crash problems. I was wondering if you were
getting bad key usage flags or anything else.
This should be fixable by adding the issuing CA to the Apache NSS
database using certutil.
rob
More information about the Mod_nss-list
mailing list