Resolving Certificate Errors with SELinux Enabled


With SELinux enabled, you may receive errors similar to the one below when trying to add SSL Certificates:

cloudbolt kernel: type=1400 audit(1632428573.341:163): avc:  denied  { read } for  pid=12084 comm="httpd" name="localhost.crt" dev="dm-6" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0


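The SELinux context of the certificate files has changed from the original, which causes SELinux to log the denial above. In that message, httpd (running as httpd_t) is refused read access to localhost.crt, which is labelled user_home_t.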

Workaround or Solution


You can restore the default SELinux context on the certificate directories using the commands below:

restorecon -RvF /etc/pki/tls/certs/
restorecon -RvF /etc/pki/tls/private/

After the context has been restored, you will be able to start the httpd service.
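
To see which files are affected before running restorecon, the denials can be summarised from the log. The script below is an added example, not part of the original article: the function names are hypothetical, the second and third sample lines are constructed, and cert_t as the expected type for the certificate directories is an assumption about the default policy.

```shell
#!/bin/sh
# Added example, not from the original article.
# SAMPLE_LOG: the first line is the denial quoted in the article;
# the second and third lines are constructed for illustration.
SAMPLE_LOG='cloudbolt kernel: type=1400 audit(1632428573.341:163): avc:  denied  { read } for  pid=12084 comm="httpd" name="localhost.crt" dev="dm-6" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
cloudbolt kernel: type=1400 audit(1632428573.402:164): avc:  denied  { read open } for  pid=12084 comm="httpd" name="localhost.key" dev="dm-6" ino=1003 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
cloudbolt kernel: type=1400 audit(1632428580.010:165): avc:  denied  { getattr } for  pid=2211 comm="sshd" name="notes.txt" dev="dm-6" ino=2001 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Read log text on stdin and print "<comm> <perms> <name> <target_type>"
# for each AVC denial whose comm equals $1 (default: httpd).
avc_denials() {
    awk -v want="${1:-httpd}" '
    # Strip the "key=" prefix and any surrounding double quotes.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    /avc:[ ]+denied/ {
        comm = name = tctx = perms = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            # Everything between the braces is a denied permission.
            if (inperm)    { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i ~ /^comm=/)     comm = val($i)
            if ($i ~ /^name=/)     name = val($i)
            if ($i ~ /^tcontext=/) tctx = val($i)
        }
        if (comm != want) next
        split(tctx, part, ":")   # context layout is user:role:type:level
        print comm, perms, name, part[3]
    }'
}

# Keep only denials whose target type differs from the expected type ($1).
# cert_t is passed below as the assumed label for the certificate directories.
mislabelled() {
    awk -v expected="$1" '$4 != expected { print $3 " is " $4 ", expected " expected }'
}

printf '%s\n' "$SAMPLE_LOG" | avc_denials httpd | mislabelled cert_t
```

On a live system, pipe the file that receives kernel audit messages into avc_denials instead of SAMPLE_LOG, and confirm the labels afterwards with ls -Z on the certificate directories.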
