On February 27, 2013 14:15, Liam Hoekenga <li...@umich.edu> wrote:
> I've got a cert for our local CA whose hash value (and thus filename assigned by c_rehash) is 5cc1e784. mod_cosign is looking for it in 4700e8dd.0 and complaining that the cert doesn't exist. :\
>
> If I make a symlink from umwebCA.pem to 4700e8dd.0, it works fine.
> c_rehash refuses to call it anything other than 5cc1e784.0

Going from OpenSSL 0.9.8n to 1.0.0, OpenSSL changed the algorithm for the certificate subject/issuer hash. See http://www.openssl.org/news/changelog.html

The best thing to do is:

1. Make sure that mod_cosign is compiled to use the same version of OpenSSL that Apache HTTP Server is using. If not, recompile it. Then,

2. Regenerate all of the hash symlinks. If mod_cosign and Apache HTTP Server are using a version of OpenSSL that uses the old hash algorithms, then either use the command-line "openssl" utility from that same version, or, if you use a newer version, you can use the -subject_hash_old and -issuer_hash_old options to the "openssl x.509" command to get the correct hashes.

--
  Mark Montague
  m...@catseye.org
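
The symlink regeneration from step 2, as an added example that is not part of the original message or of the cosign project: it links every certificate in a CA directory under both the current and the pre-1.0.0 subject hash, so a verifier built against either OpenSSL generation finds it. It assumes an OpenSSL 1.0.0 or later command-line tool and CA certificates stored as *.pem files; the function names link_one and rehash_both are hypothetical.

```shell
#!/bin/sh
# Added example: create <hash>.N lookup symlinks for each PEM certificate in a
# CA directory under both subject-hash algorithms (current and pre-1.0.0).

# link_one DIR CERTFILE HASH
# Point DIR/HASH.N at CERTFILE using the first free N. If an existing
# HASH.N already points at CERTFILE, leave the directory unchanged.
link_one() {
    l_dir=$1 l_cert=$2 l_hash=$3 l_n=0
    while [ -e "$l_dir/$l_hash.$l_n" ] || [ -L "$l_dir/$l_hash.$l_n" ]; do
        [ "$(readlink "$l_dir/$l_hash.$l_n")" = "$l_cert" ] && return 0
        l_n=$((l_n + 1))
    done
    # Relative link, the same layout c_rehash produces.
    ln -s "$l_cert" "$l_dir/$l_hash.$l_n"
}

# rehash_both DIR
# For every *.pem in DIR, ask openssl for the subject hash under the
# current algorithm and under the old one, then link both names.
rehash_both() {
    r_dir=$1
    for r_path in "$r_dir"/*.pem; do
        [ -f "$r_path" ] || continue
        r_cert=$(basename "$r_path")
        r_new=$(openssl x509 -noout -subject_hash -in "$r_path") || return 1
        r_old=$(openssl x509 -noout -subject_hash_old -in "$r_path") || return 1
        link_one "$r_dir" "$r_cert" "$r_new"
        link_one "$r_dir" "$r_cert" "$r_old"
    done
}

# Run directly as: sh rehash_both.sh /path/to/ca-directory
if [ "$#" -gt 0 ]; then
    rehash_both "$1"
fi
```

Keep only certificates you intend to trust in that directory, since every file linked this way becomes a trust anchor for whatever reads it.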
