Stefan Kirchner wrote:
Ok, I am sorry. It was just a small mistake.The gencert script did not change the access rights of the databases. After chmod everything works fine.
Both this and the error code should probably get feed back to mod_nss. I believe you can create a bug in bugzilla.redhat.com Classification: Fedora Product: Fedora Component: mod_nss
Stefan Kirchner/Germany/ [EMAIL PROTECTED] To Sent by: dev-tech-crypto@lists.mozilla.org dev-tech-crypto-b cc ounces +stefankirchner=d Subject [EMAIL PROTECTED] NSS_Initialize failed. NSS with ozilla.org apache 2.2.10 (mod_nss 1.0.8) 02.12.2008 11:11 Please respond to "mozilla's crypto code discussion list" <dev-tech-crypto@ lists.mozilla.org >Hello NSS community, I am trying to integrate NSS 3.12 into apache 2.2.10 via mod_nss 1.0.8 (on RHEL 5.2). I want to use SSL over NSS and I always get following error messages while starting the webserver: [Tue Dec 02 11:02:02 2008] [info] Configuring server for SSL protocol [Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(594): Enabling SSL3 [Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(599): Enabling TLS [Tue Dec 02 11:02:02 2008] [debug] nss_engine_init.c(770): Configuring permitted SSL ciphers [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha] [Tue Dec 02 11:02:02 2008] [info] Using nickname Server-Cert. [Tue Dec 02 11:02:02 2008] [notice] Apache/2.2.10 (Unix) mod_nss/2.2.10 NSS/3.12.0.3 configured -- resuming normal operations [Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate database: /usr/local/apache2/nss. [Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate database: /usr/local/apache2/nss. [Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate database: /usr/local/apache2/nss. [Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate database: /usr/local/apache2/nss. [Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Dec 02 11:02:02 2008] [error] NSS_Initialize failed. Certificate database: /usr/local/apache2/nss. [Tue Dec 02 11:02:02 2008] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED What I did: - Compiled and installed NSS and httpd (both successfully tested) - Compiled and installed mod_nss - I ran the gencert script to create the NSS databases and the certificates (it uses certutil) -> the certificates are validated (with certutil -V -u V) - httpd.conf (changes): -> Set LogLevel debug): -> Added Include conf/nss.conf -nss.conf (changes): -> Set LogLevel debug -> Set correct path to the database -> Added NSSEnforceValidCerts off (NSSNickname Server-Cert as it is created by the gencert script of mod_nss) # ./modutil -dbdir /usr/local/apache2/nss/ -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB ----------------------------------------------------------- # ./certutil -d /usr/local/apache2/nss/ -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI cacert CTu,Cu,Cu Server-Cert u,u,u alpha u,pu,u, Can someone help me? Any ideas? Thanks in advance. Stefan Kirchner _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
