RHCE Series: Implementing HTTPS through TLS using Network Security Service (NSS) for Apache – Part 8

Page 1 of 212

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Use our Linode referral link if you plan to buy VPS (it starts at only $10/month).
  4. Support us via PayPal donate - Make a Donation
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

Receive Your Free Complimentary eBook NOW! -

Download Free Linux eBooks

Linux BASH Programming Cookbook
Getting Started with Ubuntu 16.04
A Newbie's Getting Started Guide to Linux
Introduction to Linux - A Hands on Guide

You may also like...

6 Responses

  1. Tomas says:

    Just a quick tip, you can pass multiple services:

    # firewall-cmd –permanent –add-service={http,https}

    It does save you time during the exam.

  2. Harmon20 says:

    I’m using this as a step by step recipe and ran into some problems. I’ll post them as I found them to help anyone else that ran into difficulty because of being as ignorant of what they were doing as I was.

    In the step where specifying listening ports in the nss.conf file, the Virtual host line is in gt and lt brackets, XML style. Leave the gt/lt brackets in place; do not remove them so that the line in your nss.conf file looks exactly like the line shown on this page.

    In step 5 of NSS Config, when running certutil I was prompted for a password. I tried for a couple days to get it right and it was always invalid. I discovered after trial-and-much-error that the first time through I had to just hit Enter for a blank password, then I was prompted for the new one. I then entered the password from step 2(b).

    Regarding step 2(b): It should be stated that after step 2(a) is accomplished the editor should be exited to save nss.conf, then proceed to step 2(b).

    After I created my cert my server still handed out the default cert rather than the one I’d generated. It was not stated in the instructions, but I had to go back into nss.conf, find the virutal host section, find the line that starts “NSSNickname” and replace it with the name of the cert I’d generated. In this example it was named “box1”. (ignore all quotes, in practice)

    • @Harmon20,
      Please know how much we appreciate your involvement and your time to point this out. Thank you for sharing your findings with the rest of the community.

      • Aidin says:

        Hi Gabriel
        Can you please add this NSSNickname to article, I didn’t check comments and like Harmon20 had to check nss.conf file to find it.

        Thanks for your great effort.


  3. Jalal Hajigholamali says:

    Very useful article
    thanks a lot

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

Join Over 300K+ Linux Users
  1. 177,942
  2. 8,310
  3. 37,548

Are you subscribed?