	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: runtime requirements for IISCosign

To: Cosign Discussion <cosign-discuss@xxxxxxxxx>
Subject: Re: runtime requirements for IISCosign
From: Phil Pishioneri <pgp@xxxxxxx>
Date: Fri, 16 Apr 2004 17:18:43 -0400
In-reply-to: <506695028.1081792561@spike.itd.umich.edu>
References: <407B0BC9.1060100@psu.edu> <506695028.1081792561@spike.itd.umich.edu>
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7b) Gecko/20040316

On 4/12/04 5:56 PM, jarod@xxxxxxxxx wrote:

Almost everything you need to run IISCosign is included with the installer. ...

The extra run-time requirements involves SSL certificates. You will need a certificate authority file as well as a private key and a signed certificate.

I had been testing on apache earlier with my own CA, which was working fine.

Were you having trouble getting IISCosign to load? Did any of this help?

Yes, it was related to my CA file (almost seems related to the name I'd choose for it), and I still don't know why it works now. I could use the openssl you supply to examine both CA files without any problems.

When the filter would fail for me (specifying it in CAFilePath), CosignLog.csl (trimmed) would show this error (note the first "line 556" entry)

GetFilterVersion: Getting SSL certificates. SSL_CTX_load_verify_locations( C:\Program Files\IISCosign\SSL\ASET-CA.pem ) failed. D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: Input/output error fopen system library D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: system lib BIO_new_file BIO routines D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: system lib X509_load_cert_crl_file x509 certificate routines GetFilterVersion::SetCosignCerts() failed Terminating Cosign Filter

which isn't quite the same as when I'd rename the file to see if I had mistyped the path

GetFilterVersion: Getting SSL certificates. SSL_CTX_load_verify_locations( C:\Program Files\IISCosign\SSL\ASET-CA.pem ) failed. D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: No such file or directory fopen system library D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: no such file BIO_new_file BIO routines D:\Dev\cvsified\IISCosign\Cosign\CosignMain.cpp line 556: SSL Error: system lib X509_load_cert_crl_file x509 certificate routines GetFilterVersion::SetCosignCerts() failed Terminating Cosign Filter

I would like to get a handle on this for when we start deploying the service.

-Phil

Follow-Ups:
- Re: runtime requirements for IISCosign
  - From: jarod

References:
- runtime requirements for IISCosign
  - From: Phil Pishioneri
- Re: runtime requirements for IISCosign
  - From: jarod

Prev by Date: RE: runtime requirements for IISCosign
Next by Date: Using UM cerfificate for cosign
Previous by thread: RE: runtime requirements for IISCosign
Next by thread: Re: runtime requirements for IISCosign
Index(es):
- Date
- Thread