[Fedora-directory-users] NSS/SSL oddities
Mark McLoughlin
markmc at redhat.com
Fri Jan 6 14:14:03 UTC 2006
Hi,
A couple of quick questions about things that have been bugging me:
- If I import a server certificate and a CA certificate with pk12util
and change the trust attributes on the CA cert to "C,," - i.e. that
it should be a trusted CA for server certificates - and then start
slapd I get:
[05/Jan/2006:17:21:57 +0000] conn=0 op=-1 fd=64 closed - No certificate authority is trusted for SSL client authentication.
Which seems strange to me - I would have thought the CA certs in
nssckbi would be trusted for client auth?
- Unless /opt/fedora-ds/alias is owned by nobody:nobody you get
[05/Jan/2006:17:43:40 +0000] - SSL alert: Security Initialization: NSS initialization failed (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.): path: /opt/fedora-ds/alias/, certdb prefix: slapd-foo-, keydb prefix: slapd-foo-.
[05/Jan/2006:17:43:40 +0000] - ERROR: NSS Initialization Failed.
Couldn't we not make the directory owned by nobody:nobody by
default in the RPM? root:root doesn't seem like a useful default.
Cheers,
Mark.
More information about the Fedora-directory-users
mailing list