[Pkg-fedora-ds-maintainers] Bug#841477: Bug#841477: 389-ds-base: 389 directory server fails to start TLS/SSL
Michal Kašpar
michal at kaspar.in
Fri Oct 21 14:03:52 UTC 2016
Thanks for the reply. I've found some other things about the problem.
The linking of the NSS library causes secmod.db to be changed. I've
tried to list its properties via modutil (modutil -list -dbdir
/etc/dirsrv/slapd-instance) and got:
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. Root Certs
library name: /etc/dirsrv/slapd-KASPAR-IN/libnssckbi.so
slots: 1 slot attached
status: loaded
slot: NSS Builtin Objects
token: Builtin Object Token
which looks fine. What was interesting was if I ommited the -dbdir
parameter, I got the same error as the dirserver gets. So it's possible
the dirserver looks for the certificate database in a wrong place?
However strace shows it opens the secmod.db.
--
Michal Kašpar
More information about the Pkg-fedora-ds-maintainers
mailing list