[Freeipa-users] error after change cert
Rob Crittenden
rcritten at redhat.com
Mon Jul 6 15:44:40 UTC 2015
barrykfl at gmail.com wrote:
> Do you mean this:
>
> I already added the cert to nss and even \etc\ipa\ ca.cert replaced
>
>
> [root@(LIVE) slapd-Wwww-COM]$ certutil -d /etc/pki/nssdb -L
>
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
>
> COMODO RSA Domain Validation Secure Server CA CT,C,C
> IPA CA CT,C,C
> COMODO RSA Certification Authority CT,C,C
This has no relationship to the error you're seeing. This database is
not used by either Apache or 389-ds.
NSS uses nicknames to reference a given certificate. This nickname needs
to exist in its database. I'm guessing that you changed the database,
and therefore the nickname in the database, without also updating the
server configuration with this new nickname.
rob
>
>
> 2015-07-06 21:39 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
>
> barrykfl at gmail.com wrote:
>
> The cert is already in the httpd / ldap side, but it prompts an error
>
> [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the cipher
> are valid
> [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization phase 2
> Failed.
>
> *.wisers.com - COMODO CA Limited u,u,u
> COMODO RSA Domain Validation Secure Server CA CT,C,C
> COMODO RSA Certification Authority CT,C,C
>
>
> Taking a wild guess here due to limited information, but check the
> value of nsSSLPersonalitySSL in cn=RSA,cn=encryption,cn=config. This
> is the NSS nickname of the server certificate to use.
>
> rob
>
>
>
> 2015-07-06 20:01 GMT+08:00 <barrykfl at gmail.com>:
>
> hi:
>
> I changed the cert already but it seems it still keeps history of
> GoDaddy. Any help?
>
>
> www-COM...[06/Jul/2015:19:59:15 +0800] - SSL alert: Security
> Initialization: Can't find certificate (*.wwwcom - GoDaddy.com,
> Inc.) for family cn=RSA,cn=encryption,cn=config (Netscape
> Portable
> Runtime error -8174 - security library: bad database.)
> [06/Jul/2015:19:59:15 +0800] - SSL alert: Security
> Initialization:
> Unable to retrieve private key for cert *.www.com -
> GoDaddy.com, Inc. of family cn=RSA,cn=encryption,cn=config
> (Netscape
> Portable Runtime error -8174 - security library: bad database.)
> [06/Jul/2015:19:59:16 +0800] - SSL failure: None of the
> cipher are valid
> [06/Jul/2015:19:59:16 +0800] - ERROR: SSL Initialization
> phase 2 Failed.
>
>
>
>
>
>
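The nickname check Rob describes, as an added example that is not part of the original thread: it compares the `nsSSLPersonalitySSL` value in the `cn=RSA,cn=encryption,cn=config` entry with the nicknames `certutil -L` reports for the directory server's own NSS database. The sample listing and LDIF are constructed, the `*.example.com` nicknames are placeholders, and the `/etc/dirsrv/slapd-INSTANCE` path in the comment is an assumption about where the instance database lives.

```python
import re

# Constructed sample of `certutil -d /etc/dirsrv/slapd-INSTANCE -L` output.
CERTUTIL_L = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
*.example.com - COMODO CA Limited                            u,u,u
COMODO RSA Domain Validation Secure Server CA                CT,C,C
COMODO RSA Certification Authority                           CT,C,C
"""

# Constructed dse.ldif fragment still naming the old certificate; the
# value is folded onto an LDIF continuation line (leading space).
DSE_LDIF = """\
dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: *.example.com - GoDaddy.c
 om, Inc.
nsSSLActivation: on
"""

def nss_nicknames(listing):
    """Map nickname -> trust flags from `certutil -L` output."""
    row = re.compile(r"^(.*\S)\s+([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")
    return {m.group(1): m.group(2)
            for m in map(row.match, listing.splitlines()) if m}

def configured_nickname(ldif):
    """Return nsSSLPersonalitySSL from the cn=RSA encryption entry."""
    unfolded = re.sub(r"\n ", "", ldif)  # join LDIF continuation lines
    for entry in unfolded.split("\n\n"):
        if re.search(r"(?im)^dn:\s*cn=RSA,cn=encryption,cn=config\s*$", entry):
            m = re.search(r"(?im)^nsSSLPersonalitySSL:\s*(.+?)\s*$", entry)
            return m.group(1) if m else None
    return None

def check(listing, ldif):
    """Return (ok, message) for the nickname the server is told to load."""
    nick, certs = configured_nickname(ldif), nss_nicknames(listing)
    if nick is None:
        return False, "nsSSLPersonalitySSL is not set"
    if nick not in certs:
        return False, f"nickname {nick!r} not in NSS database; have {sorted(certs)}"
    if "u" not in certs[nick]:  # 'u' marks a cert whose private key is present
        return False, f"{nick!r} has trust {certs[nick]}: no private key here"
    return True, f"{nick!r} found with private key"

if __name__ == "__main__":
    print(check(CERTUTIL_L, DSE_LDIF))
```

With the constructed input the check fails because the configured nickname is the old one, which is the situation the "Can't find certificate" alert in the thread reports.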