[Mod_nss-list] Very simple nss.conf file

Cohen, Laurence lcohen at novetta.com
Tue Aug 25 18:25:32 UTC 2015 

Thanks Rob.

On Tue, Aug 25, 2015 at 2:21 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Cohen, Laurence wrote:
>
>> I would like to construct a very simple nss.conf file that will redirect
>> all traffic to a nss.maintenance file while we are doing maintenance.  I
>> don't need help with the scripting to move the correct nss.conf into
>> place.  I just need help with the contents of the nss.conf file itself.
>> It only needs one rule.  Redirect all traffic to the maintenance file
>> which will contain text that we are in maintenance mode.
>>
>
> For the redirect you'll need to use mod_rewrite but that's out of scope of
> mod_nss. This is a pretty minimal nss.conf. This page looks related:
> https://css-tricks.com/snippets/htaccess/temporary-maintenance-using-mod_rewrite/
>
> Here is a pretty basic nss.conf:
>
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
>
> NSSPassPhraseDialog "file:/etc/httpd/conf/password.conf"
> NSSPassPhraseHelper /usr/libexec/nss_pcache
> NSSRequireSafeNegotiation on
>
> <VirtualHost _default_:443>
>     ErrorLog /etc/httpd/logs/error_log
>     TransferLog /etc/httpd/logs/access_log
>     LogLevel warn
>
>     NSSEngine on
>     NSSCipherSuite
> +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
>     NSSProtocol TLSv1.0,TLSv1.1
>     NSSNickname Server-Cert
>     NSSCertificateDatabase /etc/httpd/alias
> </VirtualHost>
>
> rob
>



-- 

[image: www.novetta.com]

Larry Cohen

System Administrator


12021 Sunset Hills Road, Suite 400

Reston, VA 20190

Email  lcohen at novetta.com

Office  703-885-1064
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/mod_nss-list/attachments/20150825/b0cf0654/attachment.htm>

More information about the Mod_nss-list mailing list