Re: [Cosign-discuss] cosign integration in development

Fri, 17 Aug 2012 08:02:49 -0700 

On August 17, 2012 10:49 , Shawn Rahl <sr...@umich.edu> wrote:
> [root@molar cosign-ca-dir]# ls -la
>
>     total 76
>     drwxr-x---  3 apache apache 4096 Aug 17 10:40 .
>     drwxr-xr-x 10 root   root   4096 Aug 14 14:33 ..
>     lrwxrwxrwx  1 root   root     13 Aug 17 10:40 3c58f906.0 ->
>     extCAroot.pem
>     lrwxrwxrwx  1 root   root     11 Aug 17 10:40 4700e8dd.0 ->
>     umwebCA.pem
>     lrwxrwxrwx  1 root   root     14 Aug 17 10:40 84df5188.0 ->
>     incommonCA.pem
>     drwx------  2 root   root   4096 Aug 17 07:44 archive
>     lrwxrwxrwx  1 root   root     16 Aug 17 10:40 b0de3e19.0 ->
>     intermediate.pem
>     -rw-------  1 root   root   1521 Aug 17 07:45 extCAroot.pem
>     -rw-------  1 root   root   5379 Aug 17 07:43 incommonCA.pem
>     -rw-------  1 root   root   3309 Aug 17 07:45 intermediate.pem
>     -rw-r--r--  1 root   root   1334 Aug 17 08:52 umwebCA.pem
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Also, it seems that the hash output for the umwebCA is not what you 
> are saying it should be:
>
>     [root@molar cosign-ca-dir]# openssl x509 -hash -noout -in
>     ./umwebCA.pem
>     4700e8dd
>

This is very strange, especially since the SHA-512 hash of your 
umwebCA.pem file matches mine.

I recommend getting a new copy and checking.  I just did this on my 
MacOS X laptop and the results match what I have on my RHEL6 web server:

$ curl -O http://www.umich.edu/~umweb/umwebCA.pem
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  
Current
                                  Dload  Upload   Total   Spent    Left  
Speed
100  1334  100  1334    0     0  19974      0 --:--:-- --:--:-- --:--:-- 
21868
$ openssl x509 -hash -noout -in ./umwebCA.pem
5cc1e784
$

Once you get this, recreate the hash symlink by running c_rehash again.  
If you don't get a link named 5cc1e784.0, then something is still amiss 
and we'll have to look at this further.

--
   Mark Montague
   m...@catseye.org


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to