On August 17, 2012 10:10, Shawn Rahl <sr...@umich.edu> wrote:
> [root@molar ~]# cat /dev/null | openssl s_client -connect
> weblogin.umich.edu:6663 -CApath
> /etc/httpd/cosign-ca-dir -cert
> /etc/httpd/certs/current/mitools-dev.dent.umich.edu.crt -key
> /etc/httpd/certs/current/mitools-dev.dent.umich.edu.key -starttls smtp
> -showcerts
> CONNECTED(00000003)
> didn't found starttls in server response, try anyway...
> depth=1 /C=US/ST=Michigan/L=Ann Arbor/O=University of
> Michigan/OU=ITCS/CN=UM Web CA/emailAddress=webmas...@umich.edu
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Note, we do not have self-signed certificates being used at all, so I
> am not sure where the return code 19 and message is coming from.

What is the output of "ls -la /etc/httpd/cosign-ca-dir"?

Be sure you have the following in that directory (note that this will be
different for people from other institutions):

lrwxrwxrwx. 1 root root   11 Jul 10 11:22 5cc1e784.0 -> umwebCA.pem
-rw-r--r--. 1 root root 1334 Mar 19 10:56 umwebCA.pem

Also make sure you have the correct CA root certificate:

[root@minos certs]# sha512sum umwebCA.pem
e8de2020db961a1d20ef17752945ebdfdc089ceeb9d9370d6cbbac29f3c65711994e5e54a03338d3d6b03b711faa197c229b9eb9832be982fa0cd3eb65a79a04  umwebCA.pem
[root@minos certs]#

The output you should see from the "openssl s_client -showcerts" command is:

[root@minos certs]# openssl s_client -connect weblogin.umich.edu:6663 -cert /etc/pki/tls/certs/minos.lsa.umich.edu.crt -key /etc/pki/tls/private/minos.lsa.umich.edu.key -CApath /etc/pki/tls/certs -starttls smtp -showcerts
CONNECTED(00000003)
didn't found starttls in server response, try anyway...
depth=1 C = US, ST = Michigan, L = Ann Arbor, O = University of Michigan, OU = ITCS, CN = UM Web CA, emailAddress = webmas...@umich.edu
verify return:1
depth=0 C = US, ST = Michigan, L = Ann Arbor, O = University of Michigan, OU = ITCS, CN = weblogin.umich.edu, emailAddress = webmas...@umich.edu
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Michigan/L=Ann Arbor/O=University of Michigan/OU=ITCS/CN=weblogin.umich.edu/emailAddress=webmas...@umich.edu
   i:/C=US/ST=Michigan/L=Ann Arbor/O=University of Michigan/OU=ITCS/CN=UM Web CA/emailAddress=webmas...@umich.edu
[...remainder of output omitted...]

--
Mark Montague
m...@catseye.org

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
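
The -CApath directory check requested in the reply above can be scripted. This is an added example, not part of the original message or of cosign: the function names check_capath and make_test_ca are hypothetical, and it assumes the openssl command-line tool is installed and that CA files end in .pem or .crt.

```shell
#!/bin/sh
# Added example: audit an OpenSSL -CApath directory.
# A CA in such a directory is only found through a link named
# <subject-hash>.<n>. The hash is computed with the local openssl build,
# because the name a build looks up differs between OpenSSL 0.9.8 and
# 1.0.0 or later.

# SHA-256 fingerprint line of a certificate file (empty if unreadable).
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# check_capath DIR: print one status line per CA file; return 0 only if
# every CA file is reachable through a correctly named hash link.
check_capath() {
    dir=$1; rc=0; seen=0
    for pem in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$pem" ] || continue
        h=$(openssl x509 -in "$pem" -noout -subject_hash 2>/dev/null) || {
            echo "UNREADABLE $(basename "$pem")"; rc=1; continue; }
        seen=1; found=0; n=0
        # OpenSSL probes <hash>.0, <hash>.1, ... until an index is missing.
        while [ -e "$dir/$h.$n" ]; do
            if [ "$(fp "$dir/$h.$n")" = "$(fp "$pem")" ]; then
                found=1; break
            fi
            n=$((n + 1))
        done
        if [ "$found" -eq 1 ]; then
            echo "OK $h.$n -> $(basename "$pem")"
        else
            echo "MISSING $h.N link for $(basename "$pem")"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "EMPTY $dir"; rc=1; }
    return $rc
}

# make_test_ca DIR NAME: constructed throwaway self-signed CA, for trying
# the check without touching a real trust directory.
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# When given a directory argument, audit it.
if [ $# -gt 0 ]; then check_capath "$1"; fi
```

Saved under a name of your choosing, it is run with the directory as its argument, for example the /etc/httpd/cosign-ca-dir path from the quoted command. The checksum comparison in the reply remains a separate step.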