CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: access problem

Thanks Wesley,

Hope I can pick your brain a little more.  I put that in.  I also upgraded to OpenSSL 9.7e. Now I am getting this in the apache log:

snet_starttls: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protoc
Unable to connect to any Cosign server.

this is in the syslog.log:

Nov  1 16:52:18 judsonhp cosignd[5759]: connect:
Nov  1 16:52:18 judsonhp cosignd[5759]: f_starttls: snet_starttls: error:140B544
E:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed

Any suggestions or direction would be appreciated.  I am using self signed certs.  I read where you all used them and I am trying to test.  They do pass the basic verify test, however, I do not get much output when doing the openssl test on the list:

cat /dev/null | /opt/openssl-0.9.7e/apps/openssl s_client -connect acadinfo.juds -CApath /opt/apache/etc/ssl.crt  -cert /opt/apache/etc/
t/server.crt -key /opt/apache/etc/xxxxx.key/xxxxxxxxxx.key -starttls smtp

I am using the basic approach.

Thanks much

jim goldrick

-----Original Message-----
From: Wesley D Craig [mailto:wes@xxxxxxxxx]
Sent: Monday, November 01, 2004 6:17 PM
To: Goldrick, Jim
Cc: cosign-discuss@xxxxxxxxx
Subject: Re: access problem

On 29 Oct 2004, at 16:03, Goldrick, Jim wrote:
> Where does the Judson College come from?  The certificate?  Should it 
> be in the conf file?  here is that.

The string "Judson College" is coming from the CN of the certificate.  
You could put that name in the conf file, if the conf file supported 
quoting, which it doesn't currently.  Typically, certificates for web 
services have a hostname for the CN.  To get it to "just work" for 
testing purposes, you can specify a wildcard, e.g.,

	service	*	0

Hope that helps.


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010