[Freeipa-users] My IPA installation doesn't work after upgrade
Rob Crittenden
rcritten at redhat.com
Thu Nov 17 16:07:31 UTC 2016
Morgan Marodin wrote:
> Hi Rob.
>
> I've just tried to remove the group write to the *.db files, but it's
> not the problem.
I didn't expect it to be but you don't want Apache having write access
to your certs and keys.
> /[root at mlv-ipa01 ~]# grep NSSNickname /etc/httpd/conf.d/nss.conf
> NSSNickname Server-Cert/
Ok.
>
> I've tried to run manually /dirsrv.target/ and /krb5kdc.service/, and it
> works, services went up.
> The same for /ntpd/, /named-pkcs11.service/, /smb.service/,
> /winbind.service/, /kadmin.service/, /memcached.service/ and
> /pki-tomcatd.target/.
Good, so you can limp along for a while then.
> Any other ideas?
So you upgraded. What did you actually upgrade? Only the IPA packages or
a lot more?
What version is running now, and what version of mod_nss?
$ rpm -q mod_nss
Let's see if the NSS tools can find the cert:
# certutil -V -u V -d /etc/httpd/alias -n Server-Cert
Should come back with: certutil: certificate is valid
rob
More information about the Freeipa-users
mailing list