Friday, June 16, 2017

Make SELinux play nicely with certs

During cert upgrades, I noticed that my new cert was not getting accepted, i.e. my application was unable to read it even though the owner and permissions were set correctly.
The root cause of the problem was SELinux... it detected that I had changed the cert and was preventing it from being read, as if it were malicious?

So I had to issue the following command for it to accept it.

# restorecon -RvF /etc/pki/tls/private/jira.key
restorecon reset /etc/pki/tls/private/jira.key context unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:cert_t:s0
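
The restorecon output above shows the key carrying the type user_tmp_t before the reset and cert_t after it. The following added example (not from the original post) checks for that kind of mismatch ahead of time: it reads "path context" lines, such as those printed by GNU `stat -c '%n %C'`, and reports every file whose SELinux type is not the expected one. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files whose SELinux type differs from the expected one.
# Input lines have the form "<path> <context>", as printed on a live system by
#   stat -c '%n %C' /etc/pki/tls/private/*
# (GNU stat; %C is the SELinux security context).

# find_mislabeled EXPECTED_TYPE
# Reads "<path> <context>" lines on stdin, prints one line per mismatch and
# returns 1 if any file is mislabeled, 0 if all of them match.
find_mislabeled() {
    awk -v want="$1" '
        BEGIN { bad = 0 }
        NF < 2 { next }                        # skip blank or malformed lines
        {
            ctx = $NF                          # the context is the last field
            path = $0
            sub(/[ \t]+$/, "", path)           # drop trailing whitespace
            sub(/[ \t]+[^ \t]+$/, "", path)    # the rest is the path (may contain spaces)
            n = split(ctx, part, ":")          # user:role:type:level[:categories]
            type = (n >= 3) ? part[3] : "unlabeled"
            if (type != want) {
                printf "%s: %s (expected %s)\n", path, type, want
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample input. The jira.key context is the "before" value from
# the restorecon output above; the other three lines are made up.
sample_listing() {
    cat <<'EOF'
/etc/pki/tls/private/jira.key unconfined_u:object_r:user_tmp_t:s0
/etc/pki/tls/private/old jira.key system_u:object_r:cert_t:s0
/etc/pki/tls/private/other.key system_u:object_r:cert_t:s0:c0.c1023
/etc/pki/tls/private/nolabel.key ?
EOF
}

# Demonstration run on the constructed listing (|| true keeps the exit code 0).
sample_listing | find_mislabeled cert_t || true
```

A non-zero return from find_mislabeled means at least one file still needs the restorecon step shown above.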
