	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cosignd and multiple CAs

To: johanna bromberg craig <canna@xxxxxxxxx>
Subject: Re: cosignd and multiple CAs
From: Phil Pishioneri <pgp@xxxxxxx>
Date: Fri, 04 Jun 2004 15:19:46 -0400
Cc: Cosign Discussion <cosign-discuss@xxxxxxxxx>
In-reply-to: <40C0BBD3.2040005@psu.edu>
References: <40C09DB1.40708@psu.edu> <E16AF526-B641-11D8-95D1-000A95E48A4E@umich.edu> <40C0BBD3.2040005@psu.edu>
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7) Gecko/20040514

On 6/4/04 2:13 PM, Phil Pishioneri wrote:

At the filter's side, we aren't getting any error messages in the web server's error_log.

That's wrong: there is a message in the filter's apache error_log:

snet_starttls: error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate

and further checking reveals that we may not be generating valid sslclient certs with the 2nd CA (we're trying to be very specific about the extended attributes enabled for certs under the 2nd CA, and may have not enabled digital signatures, which appear to be required for clients).

Assume it works if you don't hear from me again about this :-).

-Phil

References:
- cosignd and multiple CAs
  - From: Phil Pishioneri
- Re: cosignd and multiple CAs
  - From: johanna bromberg craig
- Re: cosignd and multiple CAs
  - From: Phil Pishioneri

Prev by Date: Re: cosignd and multiple CAs
Next by Date: Re: Cosign Loop Breaking
Previous by thread: Re: cosignd and multiple CAs
Next by thread: DELIVERY FAILURE: User 03 (03@tsm.es) not listed in public Name & Address Book
Index(es):
- Date
- Thread