Re: [Cosign-discuss] "cosign_cookie_valid: Unable to connect to any Cosign server" errors & intermittent 503s

Wed, 13 Aug 2008 11:59:14 -0700 

On Wed, Aug 13, 2008 2:27 PM, "Dundas, Hope" <[EMAIL PROTECTED]> wrote:
We noticed intermittent "503 Service Unavailable" errors on our server today, and then noticed these in the logs, and I wonder if they're related? [Wed Aug 13 14:10:46 2008] [error] mod_cosign: snet_starttls: error:0D0C50A1:lib(13):func(197):reason(161) 



From the OpenSSL source code:

lib(13) = ERR_LIB_ASN1
func(197) = ASN1_F_ASN1_ITEM_VERIFY
reason(161) = ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM


Did you recently replace or change the certificate used by cosign, or 
change the CosignCrypto directive in your httpd configuration in any way?




Does the certificate that you are using with cosign verify?  Check your 
CosignCrypto directive to be sure you are verifying the correct certificate:



openssl verify -CApath /path/to/your/CA/directory  -purpose ssl_client 
/path/to/your/certificate/file.cert




Next, are you able to connect to the U-M weblogin servers using the 
following command?



openssl s_client -connect weblogin.umich.edu:6663 -cert 
/path/to/your/cosign/certificate/file.cert -key 
/path/to/your/cosign/certificate/secret-key.key -CApath 
/path/to/your/CA/directory -starttls smtp



If the above command fails, there will likely be a clue to the problem 
in its output.




Have you recently upgraded your version of Apache HTTPD, or OpenSSL?



Is anyone aware of any Cosign outages/issues today?



This is a world-wide mailing list.  There are no outages of the 
production weblogin servers at the University of Michigan.  Please use 
[EMAIL PROTECTED], [EMAIL PROTECTED], or another U-M mail address for U-M 
specific questions in the future.



               Mark Montague
               ITCS Web/Database Production Team
               The University of Michigan
               [EMAIL PROTECTED]



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss






















					Reply via email to