Hello NSS community,
I am trying to integrate NSS 3.12 into apache 2.2.10 via mod_nss 1.0.8 (on
RHEL 5.2). I want to use SSL over NSS
and I always get following error messages while starting the webserver:
[Tue Dec 02 11:02:02 2008] [info] Configuring server for SSL protocol
[Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(594): Enabling SSL3
[Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(599): Enabling TLS
[Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(770): Configuring
permitted SSL ciphers
[+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha]
[Tue Dec 02 11:02:02 2008] [info] Using nickname Server-Cert.
[Tue Dec 02 11:02:02 2008] [notice] Apache/2.2.10 (Unix) mod_nss/2.2.10
NSS/3.12.0.3 configured -- resuming normal operations
[Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate
database: /usr/local/apache2/nss.
[Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038
SEC_ERROR_NOT_INITIALIZED
[Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate
database: /usr/local/apache2/nss.
[Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038
SEC_ERROR_NOT_INITIALIZED
[Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate
database: /usr/local/apache2/nss.
[Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038
SEC_ERROR_NOT_INITIALIZED
[Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate
database: /usr/local/apache2/nss.
[Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038
SEC_ERROR_NOT_INITIALIZED
[Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate
database: /usr/local/apache2/nss.
[Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038
SEC_ERROR_NOT_INITIALIZED
What I did:
- Compiled and installed NSS and httpd (both successfully tested)
- Compiled and installed mod_nss
- I ran the gencert script to create the NSS databases and the certificates
(it uses certutil)
-> the certificates are validated (with certutil -V -u V)
- httpd.conf (changes):
-> Set LogLevel debug):
-> Added Include conf/nss.conf
-nss.conf (changes):
-> Set LogLevel debug
-> Set correct path to the database
-> Added NSSEnforceValidCerts off
(NSSNickname Server-Cert as it is created by the gencert script of mod_nss)
# ./modutil -dbdir /usr/local/apache2/nss/ -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
-----------------------------------------------------------
# ./certutil -d /usr/local/apache2/nss/ -L
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
cacert CTu,Cu,Cu
Server-Cert u,u,u
alpha u,pu,u,
Can someone help me? Any ideas?
Thanks in advance.
Stefan Kirchner
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
