Make sure the certificates listed on the CosignCrypto line are valid
and the common name of the certificate matches your FQDN.  I believe
that self-signed certs won't work for authing with cosign.

503 is the error that cosign gives across the board when something goes wrong.

-Ross

On Thu, Aug 16, 2012 at 2:43 PM, Shawn Rahl <sr...@umich.edu> wrote:
> Good afternoon.
>
> We have a new development server hosting dev versions of our MiTools site.
> All is working except for the cosign integration.  Any assistance would be
> greatly appreciated.
>
> We are getting the 503 Service Temporarily Unavailable message after
> authenticating with weblogin.  We have followed the cosign documentation for
> UM as well as the general docs on weblogin.org.  Attached is a text file
> containing our VirtualHost entry that is configured with Cosign.  Whether we
> point there or at production, we get the same results.
>
> Differences between production and this config:
> - site name is mitools-dev instead of mitools
> - IPs are different
> - certs are self-signed instead of GeoTrust certs
>
> Here is what we are seeing:
>
> In the error log (mitools-ssl-error_log), we see:
>
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: snet_starttls:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> [Thu Aug 16 14:39:50 2012] [error] mod_cosign: cosign_cookie_valid: Unable
> to connect to any Cosign server.
>
>
> In our browser, after authentication from weblogin or weblogin-test, we see:
>
> - 503 Service Temporarily Unavailable error
> - URL in browser address bar:
>
>
> https://mitools-dev.dent.umich.edu/cosign/valid/?cosign-mitools-dev.dent.umich.edu=U10jam-8ApjjZXs0gNUNMo1xPAGCYiqvU7cl2sDu3A2nWw4F9-hTjJd2zPF2dT4SlWyh1o9hZTF04xEI1Mpvf6HUqMANCsrK618i5wpjJhGbWDsUibkfmo5THawu&https://mitools-dev.dent.umich.edu/
>
>
>
> listing of the cosign-ca-dir shows the following:
>
> [root@molar httpd]# ls -l cosign-ca-dir/
> total 48
> lrwxrwxrwx 1 root root   13 Aug 15 17:15 3c58f906.0 -> extCAroot.pem
> lrwxrwxrwx 1 root root   16 Aug 15 17:15 4b841d5f.0 -> intermediate.pem
> lrwxrwxrwx 1 root root   14 Aug 15 17:15 84df5188.0 -> incommonCA.pem
> -rw-r--r-- 1 root root 1521 Apr 16 12:11 extCAroot.pem
> lrwxrwxrwx 1 root root   11 Aug 15 17:15 fa84f4ea.0 -> umwebCA.pem
> -rw-r--r-- 1 root root 1712 Aug 15 17:14 incommonCA.pem
> -rw-r--r-- 1 root root 2664 Jun 14 09:18 intermediate.pem
> -rw-r--r-- 1 root root 1927 Aug  7 09:08 umwebCA.pem
>
>
>
>
> Thanks,
> Shawn Rahl
> Unix Administrator
>
> Dental Informatics, School of Dentistry
>
> University of Michigan
>
> sr...@umich.edu
>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
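
The two checks suggested in the reply above (the certificate chains to a CA in a hashed directory laid out like cosign-ca-dir, and its common name equals the host's FQDN), as an added example that is not part of the original thread or of cosign. The function names, the "Demo CA" and app-dev.example.edu are constructed for the demo; it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example. Every name, path and certificate here is constructed for the demo.

# check_cert CERT CA_DIR FQDN: prints ok, untrusted or cn-mismatch (non-zero unless ok)
check_cert() {
    local cert="$1" ca_dir="$2" fqdn="$3" cn
    # -CApath finds issuers through <subject-hash>.0 links like those in the listing above
    if ! openssl verify -CApath "$ca_dir" "$cert" >/dev/null 2>&1; then
        echo untrusted
        return 1
    fi
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$fqdn" ]; then
        echo cn-mismatch
        return 1
    fi
    echo ok
}

# make_demo DIR: build a throwaway CA directory, a CA-signed cert and a self-signed cert
make_demo() {
    local d="$1" ca
    mkdir -p "$d/ca-dir"
    ca="$d/ca-dir/demoCA.pem"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$ca" 2>/dev/null
    # The link name is the subject hash as computed by the openssl that reads the directory
    ln -sf demoCA.pem "$d/ca-dir/$(openssl x509 -in "$ca" -noout -hash).0"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app-dev.example.edu" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -CA "$ca" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/host.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=app-dev.example.edu" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
for c in host self; do
    printf '%s.pem: %s\n' "$c" \
        "$(check_cert "$demo/$c.pem" "$demo/ca-dir" app-dev.example.edu)"
done
```

The self-signed certificate is reported as untrusted because no hash link in the directory points at an issuer for it; the CA-signed one passes only while its common name matches the FQDN given.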
