Paul- Did c_rehash properly create the hash symlinks in that directory? Generally, I put my CA certs in OpenSSL's default CA directory (usually /etc/ssl/certs), with a "pem" extension, and run c_rehash with no parameters. Then, for good measure, I restart apache. But, I have never done this with a chain cert.
Also, could you supply a bit more info for troubleshooting: What OS and platform? What version of Apache? And could you try to set "CASValidateServer off", just to make sure things work without validation? Hopefully Phil (this mod_auth_cas author) can comment on how well chain certs are handled -- though, I don't think that is something we've tested yet. Thanks, -Matt -----Original Message----- From: [EMAIL PROTECTED] on behalf of Paul Ortman Sent: Wed 2007-08-01 15:51 To: Yale CAS mailing list Subject: Re: SSL cert errors using mod_auth_cas -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Smith, Matt wrote: > Try running this: > > c_rehash /etc/apache2/ssl/trusted_keys > > This should create two hash symlinks in that directory. These hash > symlinks are used by the openssl libs to locate the proper certs. Sadly, that made no difference. Thanks for the tip thought. I'm out of ideas... - -- Paul Ortman PGP Key: 55602C81 - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGsORRfw8KGlVgLIERAlCdAJsExRBcoeCRIRxC9B+RwptZBLBHdwCff+q4 D1tCKenkeuI+G2kZ4eOL/64= =/VdJ -----END PGP SIGNATURE----- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
