CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment


Re: cosignd and multiple CAs

On 6/4/04 12:11 PM, johanna bromberg craig wrote:

> We run it this way at Michigan now. :)
>
> We use Verisign, InstantSSL and our umwebCA all together in our current weblogin infrastructure.
>
> Are you running into any issues with this sort of configuration?

While attempting to use a filter cert from the second CA, we're getting this in cosignd's syslog:

f_starttls: snet_starttls: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

(no other error messages being logged on the server).

On the filter's side, we aren't getting any error messages in the web server's error_log.

If we switch the cert the filter is using to one signed by the first CA (same one that signed the cosignd cert), it works.

The one significant difference between those certs (both CAs are local) is that the 1st has keys of 1024-bit length (for both CA and client), while the 2nd is using 2048-bit length (for both).


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010