Re: Cosign Install on IIS6 - Filter not started

[cosign@xxxxxxxxx]

Dan, it looks like it is probably a certificate issue.  Could you send me 
(either in the e-mail or attached) the log file with the most recent time 
stamp that IISCosign is generating?  Preferably one where you have 
everything 'ready to go': certs in place, registry all set, MSXML 4.0 
installed.  Stop the web site, remove the filter if it's there, then add 
the filter then restart IIS and see if a log file is generated.

--Jarod

--On Tuesday, October 05, 2004 12:50 PM -0400 "Daniel E. Lehman" 
<del3@xxxxxxx> wrote:

> I am trying to get Cosign 1.0.0 installed on our Windows Server 2003 /
> IIS 6 web server, but everything I have tried results in the filter not
> loading and the following entry in the event log:
>
> The HTTP Filter DLL C:\Program Files\IISCosign\cosign.dll failed to
> load.  The data is the error.
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> On the surface this appears to be a similar problem experienced by Brett
> Lomas in the thread
> http://www.umich.edu/~umweb/software/cosign/cosign-discuss/msg00167.html
> ; however, I tried the recommendations listed in the responses and got
> nowhere.
>
> Below are the steps I have taken to install the Cosign filter.
> 1) Download and run the install.
> 2) Configure the security settings on the folders as per the
> instructions.
> 3) Modify the config file.
> 4) Edit the registry.
> 5) Add the filter and restart IIS.
>
> At first I thought my problem may have been related to the
> DefaultAppPool running under Network Service, but Network Service is
> part of the IIS_WPG, so Network Service should have more than enough
> privilege.
>
> I then thought it may have something to do with the registry entries.  I
> actually have two keys listed (University of Michigan and University of
> Michigan - ITCS).  In each are the ConfigPath and ConfigFile strings
> which are set to C:\Program Files\IISCosign\cosign.dll.config.
>
> My next thought was that MSXML 4.0 was not installed.  No go on that
> front either.
>
> I'm wondering if this could be a certificate issue.  I want to use our
> generic SSL cert, but I don't have the key file.  I therefore can only
> export as a pfx file and then run the openssl utility to split out the
> cer and key files as described here:
> http://www.pubcookie.org/docs/install-filter-3.0.html#exportkey
>
> Once completed, I compared the new cer file to the cer file that was
> used to install the certificate originally and the files are different.
> Furthermore, I tried to install the new cer file as my web site
> certificate and now https requests fail.  Now, I don't know much about
> SSL certificates (I just know how to order them, pay for them and
> install them) so I don't know if this is an issue.
>
> I should also mention that I am running another ISAPI filter - ISAPI
> ReWrite, but I tried removing it to see if there was a conflict - no
> change in behavior.
>
> Oh, and to be thorough, here's my config file:
>
> <Cosign>
> 	<CAFilePath>C:\Program
> Files\IISCosign\SSL\ThawteServerCA.pem</CAFilePath>
> 	<ChainFilePath>C:\Program
> Files\IISCosign\SSL\www.mri.psu.edu.cert</ChainFilePath>
> 	<PrivateKeyFilePath>C:\Program
> Files\IISCosign\SSL\www.mri.psu.edu.key</PrivateKeyFilePath>
> 	<LogFilePath fileSizeInKB="4096" >C:\Program
> Files\IISCosign\Logs</LogFilePath>
> 	<CookieDBPath>C:\Program Files\IISCosign\CookieDB</CookieDBPath>
> 	<CosignServer port="6663">webaccess.psu.edu</CosignServer>
> 	<RedirectURL>https://webaccess.psu.edu/?</RedirectURL>
> 	<ConnectionPool size="4" />
> 	<CookieDBExpireTime seconds="60" />
> 	<WriteDataToEventViewer>FALSE</WriteDataToEventViewer>
> 	<CheckIPAddress>FALSE</CheckIPAddress>
>
> 	<Service website="www.mri.psu.edu">cosign-www.mri.psu.edu
> 		<Protected>/deltest</Protected>
> 	</Service>
> </Cosign>
>
> Any thoughts?
>
> -Dan