[Mod_nss-list] Separate NSS databases for separate vhosts
Rob Crittenden
rcritten at redhat.com
Mon Aug 24 20:10:47 UTC 2015
Ian Pilcher wrote:
> On 08/24/2015 02:46 PM, Rob Crittenden wrote:
>> No, the NSS database is global for the httpd process. You'd need to put
>> both server certificates into the same database.
>
> Bummer.
>
> I can't help thinking that the NSSCertificateDatabase (and probably
> NSSDBPrefix) options should be moved out of the <VirtualHost
> _default_:443> section in nss.conf.
>
> Thanks!
>
Yeah, you're right. There is also a chance that NSS contexts could make
this possible, but it may also add a lot of complexity. I filed
https://bugzilla.redhat.com/show_bug.cgi?id=1256527 to track.
rob
More information about the Mod_nss-list
mailing list