Comments on: RHCE Series: Implementing HTTPS through TLS using Network Security Service (NSS) for Apache – Part 8 https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/ Tecmint - Linux Howtos, Tutorials, Guides, News, Tips and Tricks. Fri, 03 Jan 2020 13:48:21 +0000 hourly 1 By: amin https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/comment-page-1/#comment-1310123 Fri, 03 Jan 2020 13:48:21 +0000 http://www.tecmint.com/?p=15725#comment-1310123 Hi Dear Gabriel,

The first time I execute certutil -W -d /etc/httpd/alias/ it asks for a pre-stored password that I don’t have.

It is expected that the system should ask for a new password and confirmation.

any suggestions?

]]> By: Amit https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/comment-page-1/#comment-991434 Fri, 11 May 2018 15:26:35 +0000 http://www.tecmint.com/?p=15725#comment-991434 whenever I come across this step, I get the below error. I am running a VM, and tried creating 3 different VMs and loading fresh OS, but still no luck. Any help on this?

SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: The certificate was signed using a signature algorithm that is disabled because it is not secure.
certutil: unable to create cert (The certificate was signed using a signature algorithm that is disabled because it is not secure.)
=======================================

The below output is when I run the connectivity test
———————
—–END CERTIFICATE—–
subject=/C=US/O=example.com/CN=tecmint.linuxnewz.com
issuer=/C=US/O=example.com/CN=Certificate Shack

No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 2136 bytes and written 315 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 064C3C977F424BBB10EAFF2AF8012D243F517B9AB8B235DC8BE4EF7C1EF81E65
Session-ID-ctx:
Master-Key: F99E9AE9C79952C4AB875DB2C8039F1AB3F8A93195607F6118491EBDB4EB261645B1A6E1E3F28EA81B691325D741E63E
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1526052089
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

]]> By: Tanveer https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/comment-page-1/#comment-989886 Sun, 06 May 2018 18:43:21 +0000 http://www.tecmint.com/?p=15725#comment-989886 Does the NSS work for keys from Letsencrypt. If yes, then how can we place the key file, as the file /etc/httpd/alias is looked for the certificate.

]]> By: Tanveer https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/comment-page-1/#comment-989884 Sun, 06 May 2018 18:35:24 +0000 http://www.tecmint.com/?p=15725#comment-989884 In reply to Tanveer.

I followed what Harmon20 mentioned below, and it works. Thanks M8.

]]> By: Tanveer https://www.tecmint.com/create-apache-https-self-signed-certificate-using-nss/comment-page-1/#comment-989883 Sun, 06 May 2018 18:32:13 +0000 http://www.tecmint.com/?p=15725#comment-989883 In the last step, this asks me for a password. I did not set any password, infact setting it now. 

# certutil -W -d /etc/httpd/alias/
Enter Password or Pin for "NSS Certificate DB":
Invalid password.  Try again.
Enter Password or Pin for "NSS Certificate DB":

Can you please help. I followed the steps mentioned here.

]]>