If Agent needs to talk 'ssl' to OpenAM, Agent will fail with
"BaseService::doRequest() NSPR failure while sending to XXX, error = -8023"
This is due to NSS changed the way it crypto tokens should be initialized.
From NSS documentation:
"It is an error to try to use a PKCS#11 crypto module in a process before it has been initialized in that process, even if the module was initialized in the parent process. Beginning in NSS 3.12.3, Softoken will detect this error. "
Export variable 'NSS_STRICT_NOFORK' with value 'DISABLED' before starting the server.
Example for Apache http server:
put the following in apachectl script
Either the way the agent initializes NSS has to be changed or ,as NSS 3.12.9 has again changed the behaviour, bundle this version instead.