Naor Weissmann via FreeIPA-users wrote: > I have disabled selinux, restarted the machine still same issue :( > Totally out of ideas. > Could it be related to ciphers or protocols allowed ?
No, it wouldn't affect NSS being able to find the certificate. If you can provide the full output of the cert that might be useful. You could try to create a new NSS database and export the cert/key from the current one using pk12util into it to see if there is perhaps some corruption. > > [info] Configuring server for SSL protocol > [debug] nss_engine_init.c(783): NSSProtocol: Enabling TLSv1.0 > [debug] nss_engine_init.c(788): NSSProtocol: Enabling TLSv1.1 > [debug] nss_engine_init.c(793): NSSProtocol: Enabling TLSv1.2 > [debug] nss_engine_init.c(858): NSSProtocol: [TLS 1.0] (minimum) > [debug] nss_engine_init.c(885): NSSProtocol: [TLS 1.2] (maximum) > [debug] nss_engine_init.c(1091): NSSCipherSuite: Configuring permitted SSL > ciphers > [+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha] Oh, there is additional debug output. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
