CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cosignd and multiple CAs

On 6/4/04 2:13 PM, Phil Pishioneri wrote:

At the filter's side, we aren't getting any error messages in the web server's error_log.

That's wrong: there is a message in the filter's apache error_log:

snet_starttls: error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate

and further checking reveals that we may not be generating valid sslclient certs with the 2nd CA (we're trying to be very specific about the extended attributes enabled for certs under the 2nd CA, and may have not enabled digital signatures, which appear to be required for clients).

Assume it works if you don't hear from me again about this :-).


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010