Hide Forgot
mod_nss RPM installs following directory 2012-02-21 19:36:36 UTC [hayashis@soichi2:/etc/httpd/alias]$ ls -la total 112 drwxr-xr-x 2 root root 4096 Feb 21 19:28 . drwxr-xr-x 5 root root 4096 Feb 21 19:18 .. -rw-r----- 1 root apache 65536 Feb 17 20:55 cert8.db -rw------- 1 root root 4395 Feb 17 20:55 install.log -rw-r----- 1 root apache 16384 Feb 17 20:55 key3.db lrwxrwxrwx 1 root root 33 Feb 17 20:55 libnssckbi.so -> ../../..//usr/lib64/libnssckbi.so -rw-r----- 1 root apache 16384 Feb 17 20:55 secmod.db The fact that only group:apache can access the db means that mod_nss will not run if apache is configured to run under non-apache group. The apache error log is overflowing with following message. [Tue Feb 21 19:30:45 2012] [notice] child pid 9304 exit signal Segmentation fault (11) [Tue Feb 21 19:30:45 2012] [notice] child pid 9306 exit signal Segmentation fault (11) [Tue Feb 21 19:30:45 2012] [notice] child pid 9307 exit signal Segmentation fault (11) [Tue Feb 21 19:30:45 2012] [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue Feb 21 19:30:45 2012] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Feb 21 19:30:45 2012] [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue Feb 21 19:30:45 2012] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Feb 21 19:30:45 2012] [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue Feb 21 19:30:45 2012] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED [Tue Feb 21 19:30:45 2012] [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias. [Tue Feb 21 19:30:45 2012] [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED Not only mod_nss will not run, but it actually completely disables mod_ssl. I had to uninstall mod_nss in our system to get our system working again.
For the purposes of RHEL 5, we would like to suggest the following work-around: * cd /etc/httpd/alias * chgrp <non_apache_group> cert8.db key3.db secmod.db