Resolving Certificate Errors with SELinux Enabled

Problem 

With SELinux enabled, you may receive errors similar to the one below when trying to add SSL Certificates:

cloudbolt kernel: type=1400 audit(1632428573.341:163): avc:  denied  { read } for  pid=12084 comm="httpd" name="localhost.crt" dev="dm-6" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Cause

The SELinux context of the certificate files has changed from the original (in the log above the file is labelled user_home_t), so SELinux denies httpd access and logs the error above.

Workaround or Solution

Overview

You can restore the expected SELinux context on the certificate directories using the commands below:

restorecon -RvF /etc/pki/tls/certs/
restorecon -RvF /etc/pki/tls/private/

After the context has been restored, you will be able to start the httpd service.
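
To read a denial like the one above and confirm the labels, the following is an added example, not part of the original article: it breaks the AVC line into the process domain, the denied permission and the file's label, then, where the real matchpathcon utility is installed, compares on-disk labels with the policy defaults. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): summarise an AVC denial.

# The denial quoted in this article, used as sample input.
SAMPLE='type=1400 audit(1632428573.341:163): avc:  denied  { read } for  pid=12084 comm="httpd" name="localhost.crt" dev="dm-6" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field KEY LINE: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | tr -d '"' | head -n 1
}

# avc_type CONTEXT: print the type, the third field of user:role:type:level.
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms LINE: print the denied permissions listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# avc_summary LINE: one line saying which domain was denied what on which label.
avc_summary() {
    printf '%s (%s) denied { %s } on %s "%s" labelled %s\n' \
        "$(avc_field comm "$1")" \
        "$(avc_type "$(avc_field scontext "$1")")" \
        "$(avc_perms "$1")" \
        "$(avc_field tclass "$1")" \
        "$(avc_field name "$1")" \
        "$(avc_type "$(avc_field tcontext "$1")")"
}

avc_summary "$SAMPLE"

# On an SELinux host, compare on-disk labels with the policy defaults.
# matchpathcon -V prints, per file, whether its label matches the default.
if command -v matchpathcon >/dev/null 2>&1; then
    matchpathcon -V /etc/pki/tls/certs/* /etc/pki/tls/private/* ||
        echo "some labels differ or could not be checked; see the restorecon commands above"
fi
```

A target type of user_home_t on a file under /etc/pki/tls means the file still carries a home-directory label, which is the condition the restorecon commands correct.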
