[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using NSS



Daniel Qian wrote:
On 11-10-27 3:41 PM, Braden Northington McDaniel wrote:
On Oct 27, 2011, at 2:27 PM, Daniel Qian wrote:

why don't you simply try

  TLS_CACERT /etc/pki/nssdb/<filename>
instead of


TLS_CACERTDIR /etc/pki/nssdb
Because the cert isn't in a text file; it's in the NSS database.

I saw similar problems to what you are having but it was for openssl and can
be fixed by running an openssl command plus some options. In your case it
seems the NSS database isn't in the format ldap client expects.

Note that by default, NSS expects to see a certificate database. You need an additional module to enable it to use PEM files.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/