Naor Weissmann via FreeIPA-users wrote:
> thank you!
> the cert renewed last year, by itself it is ok and working (it is two years
> one). However im having issues to add servers to FreeIPA, since it is done
> via 443 and i can't start http. it started after i had to reboot the machine.
mod_nss can also return not found if the certificate isn't valid. See if
you can verify the cert with:
# certutil -V -u V -n Server-Cert -d /etc/httpd/alias -e -f
/etc/httpd/alias/pwdfile.txt
The certificate also needs to have the server cert EKU:
# certutil -L -d /etc/httpd/alias -n Server-Cert
...
Name: Extended Key Usage
TLS Web Server Authentication Certificate
...
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
