This may be more of a certificate problem than a Cosign problem, but I have
tried the suggestions outlined in
http://weblogin.org/cosign-discuss/msg00222.html and am still not getting a
Cosign authentication with a self-signed certificate.

Here is the message I see on the Cosign server:

Apr  2 16:42:46 weblogin cosignd[10323]: connect: 152.10.1.59
Apr  2 16:42:46 weblogin cosignd[10323]: f_starttls: snet_starttls: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

On the client:

[Wed Apr 02 16:31:10 2008] [error] mod_cosign: cosign_cookie_valid: Unable to connect to any Cosign server.
[Wed Apr 02 16:43:26 2008] [error] mod_cosign: snet_starttls: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify

Following the suggestions mentioned above, I copied the self-signed
certificate to the CA directory on the cosignd server.

Also, as suggested, I tried checking it and this check sure seems to work
ok:

cat /dev/null | openssl s_client -connect weblogin.appstate.edu:6663 \
-CApath /etc/cosign/certs/CA \
-cert /etc/cosign/certs/groupware.crt \
-key /etc/cosign/certs/groupware.key \
-starttls smtp

CONNECTED(00000003)
depth=1 /C=US/ST=North Carolina/L=Boone/O=Appalachian State
University/OU=ITS/CN=Root CA
verify return:1
depth=0 /C=US/ST=North Carolina/O=Appalachian State University/OU=ITS
cosignd/CN=weblogin.appstate.edu
verify return:1
---
Certificate chain
 0 s:/C=US/ST=North Carolina/O=Appalachian State University/OU=ITS
cosignd/CN=weblogin.appstate.edu
   i:/C=US/ST=North Carolina/L=Boone/O=Appalachian State
University/OU=ITS/CN=Root CA
 1 s:/C=US/ST=North Carolina/L=Boone/O=Appalachian State
University/OU=ITS/CN=Root CA
   i:/C=US/ST=North Carolina/L=Boone/O=Appalachian State
University/OU=ITS/CN=Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAumgAwIBAgIBATANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJVUzEX
.
.
a9DAaJ/1wgL/EtGDUCzsynOYMpAHJMRVPM9kYzP1vDR01AtF
-----END CERTIFICATE-----
subject=/C=US/ST=North Carolina/O=Appalachian State University/OU=ITS
cosignd/CN=weblogin.appstate.edu
issuer=/C=US/ST=North Carolina/L=Boone/O=Appalachian State
University/OU=ITS/CN=Root CA
---
No client certificate CA names sent
---
SSL handshake has read 1986 bytes and written 2244 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
FD64EEE64AC5E1B4E62846FE5A48CB69D85BCFE9935A9ACE1EF0D0C135A030BC
    Session-ID-ctx:
    Master-Key:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1207170278
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
220 2 Collaborative Web Single Sign-On
DONE

Thank you in advance for any assistance or suggestions.
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
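
The packed OpenSSL error codes in the two log lines above record which end of the connection refused a certificate. The following is an added example, not part of the original post or of Cosign; it assumes the error layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), and the function names `decode` and `who_rejected` are hypothetical.

```python
import re

# Packed error layout used by OpenSSL releases before 3.0 (assumed here):
# 8-bit library, 12-bit function, 12-bit reason.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ERR_LIB_SSL = 20                       # 0x14
SSL_R_CERTIFICATE_VERIFY_FAILED = 134  # 0x086
SSL_AD_REASON_OFFSET = 1000            # reason = 1000 + number of the alert received
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

def decode(line):
    """Return (lib, func, reason) for the first packed error code, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return code >> 24, (code >> 12) & 0xFFF, code & 0xFFF

def who_rejected(line):
    """Say which end of the TLS connection refused a certificate."""
    fields = decode(line)
    if fields is None or fields[0] != ERR_LIB_SSL:
        return "no SSL error code"
    reason = fields[2]
    if reason == SSL_R_CERTIFICATE_VERIFY_FAILED:
        return "local verify failed: this host does not trust the peer's chain"
    alert = reason - SSL_AD_REASON_OFFSET
    if alert in CERT_ALERTS:
        return ("peer sent alert %s: the peer does not trust this host's chain"
                % CERT_ALERTS[alert])
    return "other SSL reason %d" % reason

# The two log lines from the post, each rejoined onto one line.
SERVER_LOG = ("Apr  2 16:42:46 weblogin cosignd[10323]: f_starttls: snet_starttls: "
              "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca")
CLIENT_LOG = ("[Wed Apr 02 16:43:26 2008] [error] mod_cosign: snet_starttls: "
              "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify")

if __name__ == "__main__":
    for name, line in (("cosignd", SERVER_LOG), ("mod_cosign", CLIENT_LOG)):
        print(name, decode(line), "->", who_rejected(line))
```

Both lines decode to the same event seen from each end: the mod_cosign host failed to verify the chain cosignd presented and sent the `unknown_ca` alert that cosignd logged.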
