[Mod_nss-list] NSSSessionTickets causes some segfault in error log
Oliver Graute
oliver.graute at gmail.com
Mon Feb 29 15:15:05 UTC 2016
On 29/02/16, Rob Crittenden wrote:
> Oliver Graute wrote:
> > On 26/02/16, Rob Crittenden wrote:
> >> Can I ask why you have NSSEnforceValidCerts off set? Is it because of an
> >> error that was logged, preventing the server from starting?
> >
> > yes because of this error:
> >
> > Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
> >
> > if I also set NSSECCNickname "xxxxxxx" I got:
> >
> > SSL Library Error: -8172 Certificate is signed by an untrusted issuer
>
> Ok, that shouldn't cause any crash problems. I was wondering if you were
> getting bad key usage flags or anything else.
>
> This should be fixable by adding the issuing CA to the Apache NSS
> database using certutil.
yes you are right, I fixed it by adding the CA to the database and
setting the Trusted Attributes to the right values with:
certutils -M -n "CA Nickname" -t "CT,C,c"
Best regards,
Oliver
More information about the Mod_nss-list
mailing list