RE:

["Brett Lomas" <b.lomas@xxxxxxxxxxxxxx>]

I assume you did start the cosignd program? It can be useful to start the
cosignd program with the -d switch (which prevents it working... and it
prints some nice debugging info to the terminal)


Brett

-----Original Message-----
From: ?? [mailto:chen_kuang@xxxxxxx] 
Sent: Tuesday, 3 August 2004 10:15 p.m.
To: brett lomas
Subject: Re: 

Hi Brett,
I reinstall my CA, rehash the CA cert and test it ok with "openssl verify".
Then I can run "consignd -h www.weblogin.com -x /var/cosign/certs/CA -y
/var/cosign/certs/server.pem -z /var/cosign/certs/serverkey.pem"

It seems to be ok. But when I login from browser--"http://www.weblogin.com";,
it's still to display "Error:But not your fault:we were unable to contact
the authentication server.please try again later." I try to find error log
from /var/log/messages or /var/log/boot, but there is nothing about cosign.
Can you give me some good advice or some notes about the weblogin installion
in detail?

Thank you for your patience.
yours
chen

> Hey,
> 
> Cosignd will most of it stuff to /var/log/messages, but also logs to
> /var/log/boot (LOCAL7).
> 
> You will need to install the CA you used to sign the certificate
(cert.pem)
> into the /var/cosign/certs/CA dir. You will need to use the rehash command
> (I think that's what it is called) to get the hashed values of the CA
cert.
> This will be the filename, e.g.:
> 
> openssl x509 -in [your CA cert] -hash -noout
> 
> this will output something like:
> e30cf3fd
> so copy your cert into /var/cosign/certs/CA/e30cf3fd.0
> 
> Brett