Hi all... I had a cosigned 10.5.8 *server* system set up correctly which I updated to 10.6.2 Server After I re-maked cosign and reinstalled it -- all worked fine. As expected.
But then I needed to reformat the server, so I started clean with 10.6 In trying to set up cosign on this box, it seems Apple changed how certificates were done. Which is fine. They now are separated out into "parts" (example) -rw-r--r-- 1 root wheel 1732 Nov 16 05:52 <hostname>.A1F1C424CAE8BFA965D39024B1B8FFF8F6E5C15E.cert.pem -rw-r--r-- 1 root wheel 1732 Nov 16 05:52 <hostname>.A1F1C424CAE8BFA965D39024B1B8FFF8F6E5C15E.chain.pem -rw-r----- 1 root certusers 3483 Nov 16 05:52 <hostname>.A1F1C424CAE8BFA965D39024B1B8FFF8F6E5C15E.concat.pem -rw-r----- 1 root certusers 1751 Nov 16 05:52 <hostname>.A1F1C424CAE8BFA965D39024B1B8FFF8F6E5C15E.key.pem tts10:certificates root# Which is fine. I just modified my site_conf file accordingly. However, Apple changed how "self-signed" certificates are made with Server Admin such that a passphrase is generated. From the 10.6 server manual: The Certificate Assistant generates a key pair and certificate. Certificate Manager encrypts the files with a random passphrase, puts the passphrase in the System keychain, and puts the resulting PEM files in /etc/certificates/. This has the unfortunate effect of breaking cosign. When I include cosign in my "site", apache will keep respawning: Nov 16 10:08:31 tts10 org.apache.httpd[88871]: [Mon Nov 16 10:08:31 2009] [error] SSL_CTX_use_PrivateKey_file: /etc/certificates/<hostname>.A1F1C424CAE8BFA965D39024B1B8FFF8F6E5C15E.key.pem: error:0906406D:PEM routines:PEM_def_callback:problems getting password\n Nov 16 10:08:31 tts10 com.apple.launchd[1] (org.apache.httpd[88871]): Exited with exit code: 1 Nov 16 10:08:31 tts10 com.apple.launchd[1] (org.apache.httpd): Throttling respawn: Will start in 10 seconds The Certificate Assistant doesn't seem to have an option to generate a certificate without a passphrase (like in 10.5 Server). I'm not sure what to do at this point. Does anybody have any suggestions? Thanks! - Steve -- Steve Maser ([email protected]) | Thinking is man's only basic virtue, Sr. Systems Administrator | from which all the others proceed. Office of Technology Transfer | -- Ayn Rand ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
