[Freeipa-users] Dogtag certs did not auto-renew, very stuck!

Peter Fern freeipa at 0xc0dedbad.com
Thu Feb 23 00:04:28 UTC 2017


On 23/02/17 05:26, Rob Crittenden wrote:
> It's been many moons since I worked on nss-pem but from what I can tell
> it should be buildable outside of NSS so can ship as a separate package.
> You might try building it locally to see if it resolves the issues for
> you. It resides at https://github.com/kdudka/nss-pem

I had to modify an include path, and it links against some static libs
(libfreebl.a, libnssb.a, libnssckfw.a) that are not included in the
current Debian libnss3 packages, so a non-trivial packaging effort.  And
because certmonger appears to use nss directly, linking against a
different libcurl variant is also probably not an option.

There are other issues too - the default cert store path of
/etc/httpd/alias is still used in the deb package, however the correct
path is /etc/apache2/nssdb.



