cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I assume you did start the cosignd program? It can be useful to start the
cosignd program with the -d switch (which prevents it working... and it
prints some nice debugging info to the terminal)
From: ?? [mailto:chen_kuang@xxxxxxx]
Sent: Tuesday, 3 August 2004 10:15 p.m.
To: brett lomas
I reinstall my CA, rehash the CA cert and test it ok with "openssl verify".
Then I can run "consignd -h www.weblogin.com -x /var/cosign/certs/CA -y
/var/cosign/certs/server.pem -z /var/cosign/certs/serverkey.pem"
It seems to be ok. But when I login from browser--"http://www.weblogin.com",
it's still to display "Error:But not your fault:we were unable to contact
the authentication server.please try again later." I try to find error log
from /var/log/messages or /var/log/boot, but there is nothing about cosign.
Can you give me some good advice or some notes about the weblogin installion
Thank you for your patience.
> Cosignd will most of it stuff to /var/log/messages, but also logs to
> /var/log/boot (LOCAL7).
> You will need to install the CA you used to sign the certificate
> into the /var/cosign/certs/CA dir. You will need to use the rehash command
> (I think that's what it is called) to get the hashed values of the CA
> This will be the filename, e.g.:
> openssl x509 -in [your CA cert] -hash -noout
> this will output something like:
> so copy your cert into /var/cosign/certs/CA/e30cf3fd.0