NSS has changed its default database format from DBM to SQL. mod_nss does not support auto-detection and has a hard-coded default to DBM. The NSSDB in /etc/httpd/alias must be converted to SQL format andNSSCertificateDatabase /etc/httpd/alias in /etc/httpd/conf.d/nss.conf must be changed to ``NSSCertificateDatabase sql:/etc/httpd/alias.
/etc/httpd/alias
NSSCertificateDatabase /etc/httpd/alias
/etc/httpd/conf.d/nss.conf
``NSSCertificateDatabase sql:/etc/httpd/alias
Upgrade of NSSDB can be performed by ipapython.certdb.NSSDatabase.convert_db() while httpd is stopped.
ipapython.certdb.NSSDatabase.convert_db()
During installation HTTPd fails to start with error message Server user apache lacks read access to NSS key database /etc/httpd/alias/key3.db
Server user apache lacks read access to NSS key database /etc/httpd/alias/key3.db
server installs correctly
Metadata Update from @cheimes: - Issue assigned to cheimes
Metadata Update from @cheimes: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1458
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1491419
Issue linked to Bugzilla: Bug 1491419
Metadata Update from @rcritten: - Issue priority set to: normal - Issue set to the milestone: FreeIPA 4.7
master:
Metadata Update from @cheimes: - Issue priority set to: critical (was: normal)
Note: Bump requirements for NSS and certmonger to versions that default to SQL NSSDB.
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.