Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Shawn Rahl
I am now getting through and Cosign seems to be working at this time. I will follow up with a few other issues and will update post with final status shortly. Thank you for all your help.

Shawn Rahl
Unix Administrator
Dental Informatics, School of Dentistry
University of Michigan
sr...@umich

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Mark Montague
On August 17, 2012 11:00 , Phil Pishioneri wrote:
> Starting with version 1 of openssl, it uses a different algorithm to
> compute the hash. You can get the old and new values from it:
>
> pgp$ /opt/local/bin/openssl x509 -subject_hash -subject_hash_old
> -noout -in umwebCA.pem
> 5cc1e784
> 4700

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Shawn Rahl
[root@molar cosign-ca-dir]# curl -O http://www.umich.edu/~umweb/umwebCA.pem
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1334  100  1334    0     0  20540      0 --:--:-- --:--:-- -

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Mark Montague
On August 17, 2012 10:49 , Shawn Rahl wrote:
> [root@molar cosign-ca-dir]# ls -la
>
> total 76
> drwxr-x--- 3 apache apache 4096 Aug 17 10:40 .
> drwxr-xr-x 10 root root 4096 Aug 14 14:33 ..
> lrwxrwxrwx 1 root root 13 Aug 17 10:40 3c58f906.0 ->
> extCAroot.pem
>

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Phil Pishioneri
On 8/17/12 10:49 AM, Shawn Rahl wrote:
> Also, it seems that the hash output for the umwebCA is not what you
> are saying it should be:
>
> [root@molar cosign-ca-dir]# openssl x509 -hash -noout -in
> ./umwebCA.pem
> 4700e8dd
>

Starting with version 1 of openssl, it uses a different al

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Shawn Rahl
I used c_rehash to generate the symlinks as documented in the Cosign implementation docs. Info - [root@molar cosign-ca-dir]# sh

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Mark Montague
On August 17, 2012 10:27 , Shawn Rahl wrote:
> Output
>
> [root@molar cosign-ca-dir]# ls -la /etc/httpd/cosign-ca-dir
> [...]
> lrwxrwxrwx 1 root root 11 Aug 17 07:51 fa84f4ea.0 -> umwebCA.pem
> [...]
> -rw-r--r-- 1 root root 1334 Aug 17 08:52 umwebCA.pem
> [root@molar cosign-ca-di

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Shawn Rahl
Output

[root@molar cosign-ca-dir]# ls -la /etc/httpd/cosign-ca-dir
total 76
drwxr-x--- 3 apache apache 4096 Aug 17 08:52 .
drwxr-xr-x 10 root root 4096 Aug 14 14:33 ..
lrwxrwxrwx 1 root root 13 Aug 17 07:51 3c58f906.0 -> extCAroot.pem
lrwxrwxrwx 1 root root 14 Aug 17 07:51 8

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Mark Montague
On August 17, 2012 10:10 , Shawn Rahl wrote:
> [root@molar ~]# cat /dev/null | openssl s_client -connect
> weblogin.umich.edu:6663 -CApath
> /etc/httpd/cosign-ca-dir -cert
> /etc/httpd/certs/current/mitools-dev.dent.umich.edu.crt -key
> /etc/httpd/certs/current

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Shawn Rahl
When I originally submitted this, we had self-signed certs. We have since replaced with InCommon certificates, and I have updated the intermediate cert bundle, the root CA cert, and the umwebCA certificate. I have re-run c_rehash on the cosign CA directory as well. The output of the command that

Re: [Cosign-discuss] cosign integration in development

2012-08-17 Thread Mark Montague
On August 16, 2012 14:43 , Shawn Rahl wrote:
> We are getting the 503 Service Temporarily Unavailable message after
> authenticating with weblogin. [...]
>
> Differences between production and this config:
> - site name is mitools-dev instead of mitools
> - IPs are different
> - certs are self-si