During creation of the registry-aware RA and TPS subsystems, it was discovered that these two PKI subsystems (Perl/Apache and C/C++/Apache) will NOT work if the "NSS_DEFAULT_DB_TYPE=sql" environment variable is set. When this variable is set, the new SQL-based shared NSS databases are utilized -- 'cert9.db', 'key4.db', and 'pkcs11.txt'; when NOT set, the old DBM databases are utilized -- 'cert8.db', 'key3.db', and 'secmod.db'. The CA, KRA, OCSP, and TKS PKI subsystems (Java/Tomcat) appear to work with the new NSS shared databases.
CORRECTION: ALL registry-aware PKI instances including CA, KRA, OCSP, RA, TKS, and TPS were unable to be "configured" when using a shared NSS database.
Upstream ticket: https://fedorahosted.org/pki/ticket/167
edewata added the folloowing: The migration issue was fixed in the following changes: https://github.com/dogtagpki/pki/commit/dd8bdc6c9b6e4bd8966237a3606099e74b1a7d9b https://github.com/dogtagpki/pki/commit/d06bed84e50ac3acb578d4e0acc0a538e3826979 https://github.com/dogtagpki/pki/commit/e4384d2c5986b98d5c084e7b9d8f4fa93fddb432 https://github.com/dogtagpki/pki/commit/c02268cc025ebfb0860d5528e080e208e09b3cbb