At least, it is on Fedora 16
sudo yum install mod_nss
/etc/httpd/alias/ is populated already with ca and server cert self signed
/etc/httpd/conf.d/nss.conf already exists
change 8443 to 443 in two places
--- /etc/httpd/conf.d/nss.conf.orig 2012-03-29 12:59:06.319470425 -0400 +++ /etc/httpd/conf.d/nss.conf 2012-03-29 12:19:38.862721465 -0400 @@ -17,7 +17,7 @@ # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two # Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443" # -Listen 8443 +Listen 443 ## ## SSL Global Context @@ -81,7 +81,7 @@ ## SSL Virtual Host Context ## -+ # General setup for the virtual host #DocumentRoot "/etc/httpd/htdocs"
Make sure your firewall is open on the HTTPS port. Add the following line in /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
before the statement
-A INPUT -j REJECT --reject-with icmp-host-prohibited
and restart the services
sudo systemctl restart iptables.service sudo systemctl restart httpd.service
The documentation provides a lot more detail. Almost all of these steps are performed by the RPM install on F16 and later.
I wonder how did you overcame https://bugzilla.redhat.com/show_bug.cgi?id=769906
Matěj,
The value for NSSCipherSuite is set in the nss.conf file for F17 like this:
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha