因為客戶有一台非常的網站,只要一有問題就會一直叫,好像世界未日
查了一下最近的確都沒去改任何東西及文件,最後在apache的error log發現問題
Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved
用這個指令查了一下
# certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Mon Dec 01 10:43:20 2012
Not After : Sat Dec 18 10:43:20 2016
憑證早就過4年了
1. 如果不需要用到mod_nss 模組的,就把/etc/httpd/conf.d/nss.conf 文件删掉
2. 不需驗證過期時間,那就在nss.conf 中加入NSSEnforceValidCerts off 配置就可以
重新產生新的憑證
# cd /etc/httpd/alias
# rm -f *.db
# /usr/sbin/gencert /etc/httpd/alias > /etc/httpd/alias/install.log 2>&1
# certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Wed Jul 20 20:19:35 2016
Not After : Mon Jul 20 20:19:35 2020
沒有留言:
張貼留言