- You do not need BSAFE to run OpenACS.
- You need BSAFE to compile nsssl.so or nsssle.so (the old SSLv2 modules)
- BSAFE Crypto-C is a product of RSA Security. It costs money. Lots.
- You can use OpenSSL, a free, open source SSL SDK instead of RSA BSAFE if you're willing to use Scott Goodwin's nsopenssl.so module.
- If you don't know if you need nsssl(e).so over nsopenssl.so, then you don't. Just use nsopenssl.so. Try nsopenssl 1.1c rather than the new nsopenssl 2.0.
- You're seeing keyfile/certfile error messages in your log file because those files don't exist.
- nsd will die if the nsssl(e) module doesn't load correctly. You can
- comment out the module,
- temporarily fix it by using the demo keyfile and certfile pair,
- permanently fix it by generating a valid keyfile and certfile pair, or
- compile and configure nsopenssl instead.
- Don't forget to double check your paths, spelling, file permissions/ownerships of for the security certificates. Assuming that user id 5002 is called "nsadmin" on your machine, then you'll should chown nsadmin keyfile.pem certfile.pem; chmod 600 keyfile.pem certfile.pem.
I'm not sure what sort of problems you're having. You should try getting AOLserver to run without OpenACS before trying to get it run with the OpenACS: basically, turn off everything in the server modules section in your nsd.tcl file except nssock and nslog. If you can't serve up plain "Hello, world" type HTML files, you've hosed your configuration.
Once you get nsd to serve up regular HTML pages, try your OpenACS install again with debug turned on in your nsd.tcl and put your server log and your nsd.tcl configuration files somewhere on the web here people can view them.
