G Col via FreeIPA-users wrote:
Hi Rob,
I made it working importing the pem file cert to my browser from freipa UI, but this is
just a workaround and it will just help for my browser. How would I make it working with a
certificate modifying the NSS database?
So your mod_nss configuration has the certificate as Server-Cert.
ipa-server-certinstall uses this value to remove the existing
certificate from the NSS before installing the replacement.
Since a certificate named Server-Cert is not present it gives up.
So you can either install some random certificate with the nickname
Server-Cert so it can be removed by ipa-server-certinstall or correct
the value of NSSNickname in /etc/httpd/conf.d/nss.conf (preferred).
rob