On August 17, 2012 10:27 , Shawn Rahl <sr...@umich.edu> wrote: > Output.... > > [root@molar cosign-ca-dir]# ls -la /etc/httpd/cosign-ca-dir > [...] > lrwxrwxrwx 1 root root 11 Aug 17 07:51 fa84f4ea.0 -> umwebCA.pem > [...] > -rw-r--r-- 1 root root 1334 Aug 17 08:52 umwebCA.pem > [root@molar cosign-ca-dir]# sha512sum umwebCA.pem > e8de2020db961a1d20ef17752945ebdfdc089ceeb9d9370d6cbbac29f3c65711994e5e54a03338d3d6b03b711faa197c229b9eb9832be982fa0cd3eb65a79a04 > > umwebCA.pem > > Be sure you have the following in that directory (note that this > will be different for people from other institutions): > > lrwxrwxrwx. 1 root root 11 Jul 10 11:22 5cc1e784.0 -> umwebCA.pem > -rw-r--r--. 1 root root 1334 Mar 19 10:56 umwebCA.pem > > Also make sure you have the correct CA root certificate: > > [root@minos certs]# sha512sum umwebCA.pem > > e8de2020db961a1d20ef17752945ebdfdc089ceeb9d9370d6cbbac29f3c65711994e5e54a03338d3d6b03b711faa197c229b9eb9832be982fa0cd3eb65a79a04 > umwebCA.pem > [root@minos certs]# >
If you have the wrong hash -- as you seem to -- mod_cosign will not be able to find the CA root certificate for UM Web CA. How did you generate the hash symlink? If this is a Red Hat Enterprise Linux box, make sure you have the authconfig RPM installed, then run: cd /etc/httpd/cosign-ca-dir ; /usr/sbin/cacertdir_rehash . Or, if you have the c_rehash script from the OpenSSL source code distribution, run: cd /etc/httpd/cosign-ca-dir ; c_rehash . Also, you should be able to see the same output for: [root@minos certs]# openssl x509 -hash -noout -in ./umwebCA.pem 5cc1e784 [root@minos certs]# Short form: fixing the hash symlink should solve the problem. -- Mark Montague m...@catseye.org ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
